Delta Dental of California data breach exposed info of 7 million people
By Bill Toulas
Published: 2023-12-15 · Archived: 2026-04-05 20:25:33 UTC
Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after
personal data was exposed in a MOVEit Transfer software breach.
Delta Dental of California is a dental insurance provider that covers 45 million people across 15 states and is part of
the Delta Dental Plans Association.
According to a Delta Dental of California data breach notification, the company suffered unauthorized access by threat
actors through the MOVEit file transfer software application.
https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
Page 1 of 4

0:00
https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
Page 2 of 4

Visit Advertiser websiteGO TO PAGE
The software was vulnerable to a zero-day SQL injection flaw leading to remote code execution, tracked as CVE-2023-
34362, which the Clop ransomware gang leveraged to breach thousands of organizations worldwide.
Delta Dental of California learned about the compromise on June 1, 2023, and five days later, following an internal
investigation, it confirmed that unauthorized actors had accessed and stolen data from its systems between May 27 and May
30, 2023.
The second, more lengthy investigation to determine the exact impact of the security incident was completed on November
27, 2023.
Based on this, the data breach has so far impacted 6,928,932 customers of Delta Dental of California, who had their names,
financial account numbers, and credit/debit card numbers, including security codes, exposed.
Delta Dental of California provides 24 months of free credit monitoring and identity theft protection services to impacted
patients to mitigate the risk of their exposed data. Details on enrolling in the program are enclosed in the personal notices.
If you are a customer of Delta Dental of California, you are advised to be cautious with unsolicited communications, as your
data may have been already shared with phishing actors, scammers, and other cybercriminals.
The Delta Dental of California case is the third largest MOVEit data breach, only behind Maximus (11 million)
and Welltok (8.5 million).
Update 12/15/23: Updated article to make clear the the breach is with the Delta Dental of California and its affiliates,
rather than the Delta Dental Plans Association.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the
other.
https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
Page 3 of 4

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic
questions for any tool evaluation.
Source: https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
Page 4 of 4