Delta Dental of California and Affiliates (DDCA), a major dental insurance company, has disclosed a significant data breach resulting from the exploitation of a zero-day flaw in the MOVEit Transfer software. The cybercriminal group behind the attack is Cl0p, a ransomware syndicate linked to Russia, which gained access to the MOVEit platform and exfiltrated sensitive information between May 27th and May 30th.
The breached data, affecting nearly seven million customers, includes highly sensitive details such as names, addresses, Social Security numbers, driver’s license numbers, passport numbers, financial account information, tax identification numbers, individual health insurance policy numbers, and health information. Additionally, the hackers obtained credit card or account numbers along with security codes, access codes, passwords, or PINs for the accounts. The compromised information poses a severe risk to affected individuals, making them vulnerable to identity theft, financial fraud, and other cybercrimes.
DDCA detected the security incident on July 6th, initiated an investigation, and promptly notified the Maine Attorney General on December 14th. The company has taken steps to contain the breach, including stopping access to the MOVEit software, removing malicious files, conducting a thorough analysis of the MOVEit database, applying recommended security measures, and resetting administrative passwords. Affected individuals are being offered free credit monitoring and identity protection services for two years, along with guidance to closely monitor account statements and credit reports for any suspicious activity.
The Cl0p ransomware syndicate has gained notoriety for a series of high-profile MOVEit hacks, impacting over 2,600 organizations, primarily in the United States, and affecting more than 83 million individuals. The financial impact of these attacks, considering the average cost of a data breach, is estimated to be a staggering $13.7 billion. The MOVEit Transfer software, used for managed file transfer, suffered from a zero-day vulnerability that allowed attackers to access and download stored data on MOVEit Transfer servers.
As the investigation unfolds, affected individuals are encouraged to remain vigilant, take advantage of the offered credit monitoring services, and follow recommended security practices to mitigate the risks associated with the breach. The incident highlights the persistent and evolving threats posed by cybercriminals, emphasizing the need for robust cybersecurity measures and proactive defense strategies across organizations and industries.