Delta Dental of California announced that a cyberattack had exposed sensitive data on as many as 7 million people.

Delta Dental of California and its affiliates were one of thousands of organizations impacted by a global data security hacking incident resulting from a previously unknown vulnerability in the widely used MOVEit file transfer software.

Delta Dental investigated the incident, learning of unauthorized actors accessed certain protected health information, including information shared in connection with dental procedures and claims payments.

Progress Software announced a previously unknown vulnerability within their widely used MOVEit file-transfer software program. This vulnerability led to a global data security incident that is reported to have impacted thousands of organizations, including corporations, government agencies, insurance providers, pension funds, financial institutions, and state education systems.

On June 1, 2023, Delta Dental learned unauthorized actors exploited a vulnerability affecting the MOVEit file transfer software application. Immediately after being alerted of the incident, the company launched a thorough investigation and took steps to contain and remediate the incident.

The investigation confirmed that company information on the MOVEit platform had been accessed and acquired without authorization between May 27 and May 30, 2023. Delta Dental says it promptly engaged independent third-party experts in computer forensics, analytics, and data mining to determine what information was impacted and with whom it is associated.

The investigation found that approximately 7 million individuals were impacted. The company notified law enforcement of the incident and have been cooperating with them since. The investigation into the affected information was completed on Nov. 27, 2023. Impacted individuals will be notified, outlining the incident and specific services available to support them.

The company is encouraging individuals affected by the data breach to remain vigilant by reviewing bank accounts, credit reports and other financial statements closely and immediately report any suspicious activity to the company that maintains the account and notify authorities if they feel they are a victim of identity theft.