Skip to main content

Delta Dental of California Data Breach | MOVEit

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is reviewing Delta Dental of California data breach claims linked to the MOVEit cyberattack that has impacted millions of individuals and hundreds of organizations. Contact our legal team to review your data privacy case. We offer free consultations for plaintiffs in California and nationwide. Litigation is moving forward but it is not too late to join the class action. 

Following a period of investigating the data security event, Delta Dental of California finally confirmed on July 6, 2023 that it was one of the MOVEit data breach victims. The Clop hacking group’s mass exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer solution led to the leak of the said data, along with a trove of data from hundreds of other organizations. The Delta data breach, however, is one of the largest reported thus far.

The company said plan members’ data had been accessed and acquired without authorization, and spent additional time to determine exactly what data had been stolen. The final list of the affected individuals and types of data involved was finalized on November 27 and data breach notification letters were sent to impacted individuals on December 14, 2023.

What Happened at Delta Dental of California?

Delta Dental of California says it learned about the attack on Progress Software’s MOVEit file transfer system on June 1, and began an investigation to take steps to “remediate the incident.” They discovered that the SQL injection vulnerability – CVE-2023-34362 – in the MOVEit Transfer solution had been exploited. Progress Software released an emergency patch to fix the flaw on May 31, 2023 but it was too late. The Clop group exploited the flaw exfiltrated data from Delta Dental’s MOVEit server between May 27 and May 30, 2023, before the patch was available.

On September 5, 2023, Delta Dental of California (Delta) filed a “hacking/IT incident” notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (HHS). The organization was notified by a third-party vendor that hackers exploited a vulnerability in MOVEit, a file-transfer software used by the company. Delta explained that the cyberattack resulted in an unauthorized party being able to access consumers’ sensitive information, though the personal data compromised will vary from person to person.

Delta Dental said the stolen data could include the following: address, Social Security number, driver’s license number, other state identification number, passport number, financial account information, tax identification number, individual health insurance policy number, and/or health information.

What Should You Do After a Data Theft Incident?

If you received a data breach notification from Delta Dental of California, it is important to understand the risks of data theft events. Victims should remain vigilant for signs of medical identity theft and fraud, and can contact data breach lawyers to discuss possible legal action.

Delta has sent out data breach letters to individuals whose information was impacted, including more specifics on what personal information of theirs was compromised. In many cases, Social Security numbers, health information and sensitive financials were leaked.

More Information About Delta Dental of California

Delta Dental of California is an insurance company based out of San Francisco, California. As a whole, Delta has plans in all 50 states. Delta Dental of California, part of the Delta Dental Plans Association, provides dental insurance to 45 million people.

According to the breach notification sent to the Maine Attorney General, the information of almost 7 million individuals was stolen in the attack, including members of California plans and those of its affiliates.

Attorneys argue in several pending class action lawsuits that Delta Dental not only failed to secure member data from unauthorized access but also waited five months after discovering the incident, in early June, to notify impacted individuals on December 15.

Can I Join the MOVEit Class Action Lawsuit?

Many hospitals, insurance companies and other healthcare related entities have been hit with cyberattacks in recent months due to the value of medical records and other stored data. When this occurs, victims are often left wondering if there is legal recourse. There absolutely is the possibility of filing a suit if a company failed to protect your data due to poor security systems. Plaintiffs claim the incident stems from the company’s failure to implement adequate data security measures and properly monitor its computer network for signs of intrusion.

A lawsuit has been filed, naming Delta and Progress Software as defendants. A proposed class action claims Delta Dental of California and Delta Dental Insurance Company failed to protect members’ personal and health information, and this lack of security led to the theft of a great deal of information.

According to the complaint, the California dental insurer admitted that company information was accessed and stolen by hackers, who had exploited a vulnerability in the MOVEit software, between May 27 and May 30, 2023. The cybersecurity software company Emisoft reported that the Delta Dental data breach has impacted over 6.9 million individuals.

An experienced class action data privacy attorney can determine if you are eligible to file a lawsuit or join a class of plaintiffs. A lawyer can assist in determining the following:

  • Did Delta Dental of California fail to adopt security safeguards that would have prevented a data breach?
  • Did Delta notify customers as soon as it learned of the incident?
  • Did the company promptly provide a complete list of all individuals impacted?
  • Did they provide IT network security in line with industry standards?

What Can I Do After the Delta Dental Data Breach?

It is critical for Delta patients who were affected by the data breach to remain vigilant and to keep an eye out for signs of fraud and suspicious activity. It is prudent to monitor your financial accounts and credit reports.

Contact our legal team to review your case if you get a letter from Delta. A lawsuit can compensate you for damages related to this data theft incident. Consider joining the class to seek financial support and to hold any negligent company accountable for the harm they have caused. We have years of experience in data privacy matters and we are filing claims for plaintiffs in California and nationwide.