Largest US dental insurer breached in MOVEit attack, 7M exposed

Dental insurance company Delta Dental of California and Affiliates (DDCA), a part of Delta Dental Plans Association, has become yet another victim of the MOVEit Transfer zero-day flaw exploitation campaign. The Russia-linked ransomware syndicate Cl0p has obtained private information – including driver's licenses and passport numbers – of almost seven million customers.

As confirmed by DDCA’s investigation on July 6th, the hackers accessed and acquired Delta Dental of California and affiliates' information on the MOVEit platform between May 27th and May 30th. The company filed a breach notification with the Maine Attorney General on December 14th.

The total number of individuals affected, as indicated in the filing, was 6,928,932.

The leaked information is personal and extremely sensitive, as it includes names with a combination of addresses, Social Security numbers, driver’s license numbers or other state identification numbers, passport numbers, financial account information, tax identification numbers, individual health insurance policy numbers, and/or health information.

According to the filing, the hackers obtained credit card or account numbers together with a security code, access code, password, or PIN for the account.

The three affected residents in Maine were notified “on approximately December 14th.”

“Upon that determination, the Company worked diligently to identify any impacted individuals to provide notification. On November 27th, 2023, the Company determined what personal information was affected and to whom it belonged,” DDCA’s letter to the Office of the Attorney General reads.

DDCA confirms that it stopped access to the MOVEit software, removed the malicious files, conducted a thorough analysis of the MOVEit database, applied the recommended, and reset administrative passwords. It notified law enforcement as well.

Affected individuals were offered free credit monitoring and identity protection services for two years and were advised to review account statements and credit reports closely for any suspicious activity.

“We take the privacy and security of your information seriously, and sincerely apologize for any concern or inconvenience this may cause you,” DDCA’s letter to the affected individuals reads.

“On November 27th, 2023, we determined your personal information was affected. In addition to our own investigation, we have also notified law enforcement of the incident and have been cooperating with them since.”

Delta Dental of California operates in 15 states and the District of Columbia. The company is part of the Delta Dental Plans Association (“Delta Dental”), which is a network of dental insurance companies composed of 39 independent Delta members that operate in all 50 states. Delta Dental is the US’s leading provider of dental benefits to individuals through commercial groups via fully insured and self-insured funding methods and in the individual market.

The Russia-linked Cl0p ransomware cartel has garnered a lot of attention with this year’s high-profile string of MOVEit hacks. According to researchers at Emsisoft, over 2,600 organizations – mainly in the US – and over 83 million individuals have been impacted by MOVEit attacks.

Taking IBM’s estimate, which puts the cost of an average data breach at $165 per leaked record, the impact of Cl0p attacks would add up to a staggering $13.7 billion.

First observed in 2019, the Cl0p syndicate is also known as TA505, Lace Tempest, Dungeon Spider, and FIN11.

MOVEit Transfer is a managed file transfer software. Hackers exploited the now-patched zero-day bug that affected MOVEit Transfer’s servers, allowing attackers to access and download the data stored there.

More from Cybernews:

Experiment: the ultimate kill switch for ads, malvertisers, and scammers

Google to limit advertisers' use of browser tracking cookies

GM’s Cruise lays off 24% of staff following pedestrian crash case

Meta oversight board to examine Israel-Hamas war content

UK’s Newsquest media group disrupted by cyberattack

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked