Delta Dental of California and its affiliates have notified nearly seven million patients of a data breach that occurred after personal data was exposed in a security breach involving MOVEit Transfer software.
Delta Dental of California provides dental insurance to 45 million people across 15 states and is part of the Delta Dental Plans Association.
According to a notification from Delta Dental of California, the company experienced unauthorized access by threat actors through the MOVEit file transfer software application.
The software was vulnerable to a zero-day SQL injection flaw, tracked as CVE-2023-34362, which the Clop ransomware gang used to breach thousands of organizations worldwide.
Delta Dental of California discovered the compromise on June 1, 2023, and confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May 30, 2023, after an internal investigation.
A more extensive investigation to determine the exact impact of the security incident was completed on November 27, 2023.
As a result of the breach, 6,928,932 customers of Delta Dental of California had their names, financial account numbers, and credit/debit card numbers, including security codes, exposed.
Delta Dental of California is offering impacted patients 24 months of free credit monitoring and identity theft protection services to mitigate the risk of their exposed data. Details on enrolling in the program are included in the personal notices.
Customers of Delta Dental of California are advised to be cautious with unsolicited communications, as their data may have been shared with phishing actors, scammers, and other cybercriminals.
This breach at Delta Dental of California is the third largest MOVEit data breach, behind only Maximus (11 million) and Welltok (8.5 million).
Update 12/15/23: Updated article to clarify that the breach is with Delta Dental of California and its affiliates, rather than the Delta Dental Plans Association.