Dental benefits group notifying almost 7 million Americans of MOVEit data theft

Share post:

Almost 7 million U.S. residents are being notified by a dental benefits provider that their personal information was stolen in one of the biggest single attacks involving the MOVEit file transfer application.

Delta Dental of California and its affiliates, which provide dental benefits to individuals through commercial groups, said the attacker copied subscribers’ names, Delta financial account number or their credit/debit card numbers, along with security access codes, passwords or PIN numbers with the accounts. Passport numbers in some cases were also copied.

According to numbers tracked by Emsisoft, this is the third biggest publicly confirmed data theft from an individual company so far. The biggest is Maximus Inc., a U.S. government services provider, which said information on 11.3 million people was stolen from its MOVEit Transfer system.

The Clop/Cl0p ransomware gang has taken credit for discovering and exploiting a zero day vulnerability allowing it to bypass multifactor authentication on both on-premises and cloud versions of Progress Software’s MOVEit application.

The vulnerability, CVE-2023-34362, has been assigned a severity rating of 9.8 out of 10. 

U.S.-based organizations account for 78.4 per cent of known victims, Emsisoft says, Canada-based 13.8 percent and Germany-based 1.4 per cent. The most heavily impacted sectors are education (40.0 percent), health (19.6 percent), and finance and professional services (12.7 percent).

According to researchers at Kroll LLC, the most common technique of compromise involved a dropped web shell to inject a session or create a malicious account. From there, threat actors were able to reauthenticate and use the MOVEit application itself to transfer files.

However, in a few instances, the attacker passed three variables to the web shell: The organization ID, the folder ID and the file name. From there, the web shell utilized MOVEit API calls for file enumeration and data exfiltration. A Python script was used exfiltrate data during the initial wave of co-ordinated and largely automated attacks across MOVEit servers.

Kroll forensic analysis has also seen activity suggesting the Clop gang was likely experimenting with ways to exploit this particular vulnerability as far back as 2021.

The post Dental benefits group notifying almost 7 million Americans of MOVEit data theft first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

FBI rapidly hacks into Trump shooter’s phone, raises privacy concerns

Just two days after the attempted assassination at a Trump rally, the FBI announced it had gained access...

Disney investigating a potential major leak of internal communications

Disney is investigating a significant data breach by the hacking group Nullbulge, which claims to have accessed and...

Kaspersky to shut down its US business due to sanctions

Russian cybersecurity firm Kaspersky Lab announced it will cease its U.S. operations starting July 20, following sanctions from...

Google’s Gemini AI caught scanning private Google Drive documents without permission

Google's Gemini AI has come under fire for scanning private PDF documents in Google Drive without user consent....

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways