Letter to the UC community regarding the Delta Dental of California/MOVEit data breach
Jan. 5, 2024: The letter below has been updated with clarifying information.
UC recently learned that between May 27 and May 30, 2023, our dental insurance carrier, Delta Dental of California and affiliates, experienced a data breach in their MOVEit file-transfer software program. (This incident is separate from the Delta Dental of California/Orrick breach that occurred in March of this year).
Delta Dental of California was one of thousands of organizations impacted by a global data security incident resulting from a previously unknown vulnerability in the widely used MOVEit file transfer software (made by Progress Software). The breach impacted corporations, government agencies, insurance providers, financial institutions, state education systems and other entities, and millions of people, including approximately 190,000 UC employees, retirees and dependents.
The breach compromised personal identifying information including name, address, social security number, date of birth and health care information.
Delta Dental of California has been working with local and federal law enforcement and third-party vendors to investigate this incident, to assess the information that has been compromised, and to limit the release of stolen information. They are in the process of mailing notification letters to impacted individuals.
If you receive such a letter, it will detail the type of information that was compromised in your account, as well as instructions and a membership number for enrolling in 24 months of free credit monitoring and identity theft protection through Kroll.
UC is monitoring this situation closely and will inform the community if we learn of any further details.
If you have questions about the breach or need additional information on the identity theft protection program, the Kroll customer service team is available Monday through Friday at 1-800-693-2571, from 6 a.m. to 3:30 p.m. (PT), with the exception of holiday closures on Dec. 25, 2023, and Jan. 1, 2024. Please note that UCPath Center and UC Retirement Administration Service Center (RASC) representatives do not have additional details regarding this incident.
What you should do to protect your personal and financial information:
- If you receive a letter from Delta Dental of California, take advantage of the free credit monitoring and identity theft protection: Information and a unique pin code for registering will be contained in the letter from Delta Dental of California. You must activate this protection within 90 days of receiving the letter.
- Monitor and set up alerts for bank account(s): Monitor your bank account(s) for suspicious transactions and report any to your bank. Ask the bank for online monitoring and alerts on your account. This will give you early warning of any fraudulent transactions.
- Watch out for suspicious emails: It is possible that the person(s) behind this attack may send threatening mass emails in an attempt to scare people into giving them money. If you receive such an email, forward it to your local information security office or simply delete it. Please do not engage or respond.
- Place a fraud alert on your credit file: We recommend you place a fraud alert on your credit file by contacting one of the three nationwide credit bureaus listed below. If a fraud alert is placed on a consumer’s credit file, certain identity verification steps must be taken prior to extending new credit.
- Important reminders about protecting yourself: These incidents are reminders of the importance of doing everything possible to protect your online information. We recommend that you take the identity theft measures described at https://www.identitytheft.gov/databreach