Pages

Saturday, December 23, 2023

Hint: Freeze Your Credit or the Extraction from Your Wallet May Be Painful

We noted in a prior posting that there had been a cyber-breach of Delta Dental, one of the insurance programs offered by UC to employees and retirees.* Up to this point, there had been no word from UC about the latest breach. But now there is:

UC recently learned that between May 27 and May 30, 2023, our dental insurance carrier, Delta Dental, experienced a data breach in their MOVEit file-transfer software program. (This incident is separate from the Delta Dental/Orrick breach that occurred in March of this year). This newly reported Delta Dental breach impacted many organizations, including corporations, government agencies, insurance providers, financial institutions, state education systems and other entities, and more than 6.9 million people, including approximately 190,000 UC employees, retirees and dependents.

The breach compromised personal identifying information including name, address, social security number, date of birth and health care information. 

Delta Dental has been working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, and to limit the release of stolen information. They will mail letters to all affected individuals within 10 business days.

If you receive such a letter, it will detail the type of information that was compromised in your account, as well as instructions and a pin number for enrolling in 24 months of free credit monitoring and identity theft protection through Kroll.

UC is monitoring this situation closely and will inform the community if we learn of any further details.

If you have questions about the breach, or need additional information on the identity theft protection program, the Kroll customer service team is available Monday through Friday at 1-800-693-2571, from 6 a.m. to 3:30 p.m. (PT), with the exception of holiday closures on Dec. 25, 2023, and Jan. 1, 2024. Please note that UCPath Center and UC Retirement Administration Service Center (RASC) representatives do not have additional details regarding this incident.

What you should do to protect your personal and financial information: 

If you receive a letter from Delta Dental, take advantage of the free credit monitoring and identity theft protection: Information and a unique pin code for registering will be contained in the letter from Delta Dental. You must activate this protection within 90 days of receiving the letter.

Monitor and set up alerts for bank account(s): Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.

Watch out for suspicious emails: It is possible that the person(s) behind this attack may send threatening mass emails in an attempt to scare people into giving them money. If you receive such an email, forward it to your local information security office or simply delete it. Please do not engage or respond.

Place a fraud alert on your credit file: We recommend you place a fraud alert on your credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.

https://www.equifax.com/personal/

https://www.transunion.com

https://www.experian.com/

Important reminders about protecting yourself: These incidents are reminders of the importance of doing everything possible to protect your online information. We recommend that you take the identity theft measures described at https://www.identitytheft.gov/databreach

==

Source: https://mailchi.mp/ucop.edu/may-new-dimensions-553790.

The UC message recommends putting a fraud alert on your credit. Yours truly recommends going further and freezing your credit. It's better to stop fraud from occurring rather than being alerted about it possibly happening.

==

*https://uclafacultyassociation.blogspot.com/2023/12/delta-breach.html.

===

UPDATE of 1-9-2024: I’m Caitlin from Delta Dental of California and affiliates, it’s nice to e-meet you. I’m following up on the article you published on Dec. 23, 2023, and am hoping you can issue some corrections.

  1. Please amend all references of “Delta Dental” to “Delta Dental of California and affiliates” or “Delta Dental of California” in the title and body of the article. The broad “Delta Dental” refers to the Delta Dental Plans Association (DDPA). They are two different companies. Delta Dental of California and affiliates provides quality oral health care to 45 million people across 15 states, the District of Columbia and other U.S. territories. The Delta Dental Plans Association (“Delta Dental”) is a network of dental insurance companies composed of 39 independent Delta Dental member companies that operate in all 50 states and serves more than 80 million Americans.
  2. Will you please rephrase the last sentence in the first paragraph to accurately convey that Delta Dental of California and affiliates was one of thousands of organizations impacted by a global data security incident resulting from a previously unknown vulnerability in the widely used MOVEit file transfer software, made by Progress Software? Noting that Delta Dental of California and affiliates’ investigation found that approximately 7 million individuals were impacted. However, the overall impact of the MOVEit data breach is greater than that. TechCrunch reported a couple of weeks ago that the totality of the MOVEit breach has impacted almost 84 million individuals.
  3. In the third paragraph, the last sentence could be updated to, “They are in the process of mailing notification letters to impacted individuals.”
  4. In the fourth paragraph, please replace “pin number” with “membership number”.

 

UC Office of the President has updated the article on their website to reflect these changes: https://ucnet.universityofcalifornia.edu/news/2023/12/letter-to-the-uc-community-regarding-the-delta-dentalmoveit-data-breach.html.

 

Please let me know if you have any questions.

 

Thank you,

Caitlin


Caitlin Dong | Corporate Communications | cdong@delta.org

Delta Dental of California | 560 Mission Street, Suite 1300 | San Francisco, CA 94105

No comments: