In a recent data breach incident, Delta Dental, a dental insurance provider based in Oak Brook, Illinois, USA, has become the target of a sophisticated cyberattack. The breach, orchestrated by the Russian-linked ransomware syndicate known as Cl0p, exploited a zero-day flaw in MOVEit Transfer, a managed file transfer software by Ipswitch INC.
Hackread has reported that the Cl0p gang released the entire dataset, containing private information of nearly seven million Delta Dental customers, on the dark web. This information is now accessible for public download through a torrent.
An internal investigation by Delta Dental, concluded on July 6, revealed the severity of the incident. Cybercriminals successfully infiltrated and exfiltrated sensitive data from Delta Dental of California and its affiliated entities on the MOVEit platform between May 27 and May 30.
Prompted by the seriousness of the situation, Delta Dental filed a breach notification with the Maine Attorney General on December 14, 2023, officially documenting the security incident.
The exposed information poses a significant risk to affected individuals, including names, addresses, Social Security numbers, driver’s license numbers, passport details, financial account information, tax identification numbers, individual health insurance policy numbers, and various health-related details.
This breach not only threatens the privacy and security of Delta Dental’s customers but also raises concerns about potential misuse of the stolen data. The involvement of the Cl0p ransomware syndicate, known for aggressive tactics, suggests that the fallout from this breach could extend beyond typical data exposure scenarios.
Delta Dental now faces the challenge of mitigating the aftermath of this security incident. As affected customers confront the potential ramifications of identity theft and financial fraud, cybersecurity experts emphasize the urgency of implementing robust measures to protect sensitive information.
Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems, expressed empathy for the victims and warned about potential phishing attacks they may encounter. He stated, “My thoughts are with the impacted patients, who are slowly finding out what information has been exposed. While most of the information is replaceable, it still requires continual vigilance from the impacted parties to avoid further impact.”
This recent data breach is a cause for concern for Delta Dental and its customers, highlighting the importance of companies promptly applying patches and securing their infrastructure. The incident underscores the exploitation of vulnerabilities in MOVEit Transfer by groups like Cl0p, affecting various organizations, including government agencies, airlines, educational and financial institutions, and healthcare providers. The compromised data includes credit card numbers, Personally Identifiable Information (PII), and Social Security Numbers (SSNs).