December 15, 2023 at 02:06PM
Delta Dental of California and its affiliates are notifying 6.9 million patients of a data breach due to a vulnerability in MOVEit Transfer software. The breach resulted in unauthorized access, with stolen data including names, financial account numbers, and credit/debit card numbers. The company is offering 24 months of free credit monitoring and identity theft protection to affected customers.
Summary of Meeting Notes:
– Delta Dental of California and its affiliates have experienced a data breach affecting nearly seven million patients due to unauthorized access through the MOVEit Transfer software application.
– The breach involved exposure of personal data including names, financial account numbers, and credit/debit card numbers with security codes.
– The breach was attributed to a zero-day SQL injection flaw (CVE-2023-34362) in the MOVEit software, which was exploited by the Clop ransomware gang.
– Delta Dental of California discovered the compromise on June 1, 2023, and confirmed unauthorized access and data theft from May 27 to May 30, 2023.
– A subsequent investigation to determine the full impact of the breach was completed on November 27, 2023, revealing that 6,928,932 customers were impacted.
– Affected customers are being offered 24 months of free credit monitoring and identity theft protection services.
– Customers are advised to be cautious of unsolicited communications, as their data may have been shared with phishing actors, scammers, and cybercriminals.
– This breach is the third largest MOVEit data breach, behind Maximus and Welltok.
– As of the December 15, 2023 update, it was clarified that the breach occurred with Delta Dental of California and its affiliates, not the Delta Dental Plans Association.