Dental benefits group notifying almost 7 million Americans of MOVEit data theft

Share post:

Almost 7 million U.S. residents are being notified by a dental benefits provider that their personal information was stolen in one of the biggest single attacks involving the MOVEit file transfer application.

Delta Dental of California and its affiliates, which provide dental benefits to individuals through commercial groups, said the attacker copied subscribers’ names, Delta financial account number or their credit/debit card numbers, along with security access codes, passwords or PIN numbers with the accounts. Passport numbers in some cases were also copied.

According to numbers tracked by Emsisoft, this is the third biggest publicly confirmed data theft from an individual company so far. The biggest is Maximus Inc., a U.S. government services provider, which said information on 11.3 million people was stolen from its MOVEit Transfer system.

The Clop/Cl0p ransomware gang has taken credit for discovering and exploiting a zero day vulnerability allowing it to bypass multifactor authentication on both on-premises and cloud versions of Progress Software’s MOVEit application.

The vulnerability, CVE-2023-34362, has been assigned a severity rating of 9.8 out of 10. 

U.S.-based organizations account for 78.4 per cent of known victims, Emsisoft says, Canada-based 13.8 percent and Germany-based 1.4 per cent. The most heavily impacted sectors are education (40.0 percent), health (19.6 percent), and finance and professional services (12.7 percent).

According to researchers at Kroll LLC, the most common technique of compromise involved a dropped web shell to inject a session or create a malicious account. From there, threat actors were able to reauthenticate and use the MOVEit application itself to transfer files.

However, in a few instances, the attacker passed three variables to the web shell: The organization ID, the folder ID and the file name. From there, the web shell utilized MOVEit API calls for file enumeration and data exfiltration. A Python script was used exfiltrate data during the initial wave of co-ordinated and largely automated attacks across MOVEit servers.

Kroll forensic analysis has also seen activity suggesting the Clop gang was likely experimenting with ways to exploit this particular vulnerability as far back as 2021.

The post Dental benefits group notifying almost 7 million Americans of MOVEit data theft first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways