Since its emergence in May 2023, the MOVEit vulnerability has been exploited by the Russia-linked Cl0p ransomware gang, revealing its involvement in the breach.
According to a data breach notification, Delta Dental, a dental insurance provider based in Oak Brook, Illinois, United States, has been the victim of a sophisticated cyberattack orchestrated by exploiting a zero-day failure in MOVEit Transfer.
The famous Russian-linked ransomware syndicate known as cl0p, is behind the breach, which compromises the private information of almost seven million customers. Hackread.com can confirm that the Cl0p ransomware gang has indeed published the entire data set on its dark web domain, making it available for public download via a torrent.
Delta Dental's internal investigation, concluded on July 6, has shed light on the seriousness of the incident. Cybercriminals successfully infiltrated and exfiltrated sensitive data belonging to Delta Dental of California and its affiliated entities on the MOVEit platform during the period from May 27 to May 30.
The severity of the situation led the company to quickly file a lawsuit. breach notification (PDF) with the Maine Attorney General, officially documenting the December 14, 2023 security incident.
The exposed information covers a large amount of personal and highly sensitive details, posing a significant risk to affected individuals. Compromised data includes names along with a combination of addresses, Social Security numbers, driver's license numbers or other state identification numbers, passport details, financial account information, tax identification numbers, insurance policy numbers individual doctor and various health-related information. .
This breach not only represents a threat to the privacy and security of Delta Dental customers, but also raises concerns about the potential misuse of the stolen data. With the involvement of the Cl0p ransomware syndicate, known for its aggressive tactics, the consequences of this breach could extend beyond typical data exposure scenarios.
Delta Dental now faces the difficult task of mitigating the consequences of this significant security incident. As affected customers grapple with the potential ramifications of identity theft and financial fraud, cybersecurity experts emphasize the urgency of implementing robust measures to safeguard sensitive information.
In a comment to Hackread.com, claude mandiSymmetry Systems' chief data security evangelist, expressed empathy for victims and warned them of potential phishing attacks they may encounter.
โMy thoughts are with the patients affected by the incident, who are slowly discovering what information has been exposed. While most information is fungible and easily replaceable with little impact, it still requires continued vigilance by affected parties to prevent further impact, whether by monitoring financial accounts and credit scores or being more vigilant for phishing. โClaude said.
The recent data breach is concerning for Delta Dental and its customers. It underscores the importance of companies quickly patching and securing their infrastructure. This breach highlights the exploitation of vulnerabilities in Ipswitch INC's managed file transfer software, MOVEit Transfer, by groups such as Cl0p.
So far, numerous organizations, spanning government agencies, airlines, educational and financial institutions, as well as healthcare providers, have been victims of the data breach linked to MOVEit. The compromised data includes sensitive information such as credit card numbers, personally identifiable information (PII), and social security numbers (SSN).
RELATED POSTS
- 900 US Schools Hit by MOVEit Hack, Exposing Student Data
- Massive MOVEit hack: More than 630,000 emails of US defense officials breached
- UK Ofcom confirms cyberattack as PoC exploit for MOVEit launches
- Sony data leak via MOVEit vulnerability affects thousands of people in the US
- Okta breach linked to employee's Google account affects 134 customers
