Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.
Delta Dental of California is a dental insurance provider that covers 45 million people across 15 states and is part of the Delta Dental Plans Association.
According to a Delta Dental of California data breach notification, the company suffered unauthorized access by threat actors through the MOVEit file transfer software application.
The software was vulnerable to a zero-day SQL injection flaw leading to remote code execution, tracked as CVE-2023-34362, which the Clop ransomware gang leveraged to breach thousands of organizations worldwide.
Delta Dental of California learned about the compromise on June 1, 2023, and five days later, following an internal investigation, it confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May 30, 2023.
The second, more lengthy investigation to determine the exact impact of the security incident was completed on November 27, 2023.
Based on this, the data breach has so far impacted 6,928,932 customers of Delta Dental of California, who had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed.
Delta Dental of California provides 24 months of free credit monitoring and identity theft protection services to impacted patients to mitigate the risk of their exposed data. Details on enrolling in the program are enclosed in the personal notices.
If you are a customer of Delta Dental of California, you are advised to be cautious with unsolicited communications, as your data may have been already shared with phishing actors, scammers, and other cybercriminals.
Update 12/15/23: Updated article to make clear the the breach is with the Delta Dental of California and its affiliates, rather than the Delta Dental Plans Association.