MCNA Dental, the largest dental insurer in the US for government‑sponsored programs, has revealed that hackers stole troves of data on millions of customers in an attack in March.
On March 6, the company became aware of “certain activity” in its IT infrastructure that happened without permission, according to a data breach notice.
The insurer hired cybersecurity experts to assess the intrusion and soon learned that “a criminal was able to see and take copies of some information in our computer system between February 26, 2023 and March 7, 2023.”
The type of data seen and copied by the perps is worryingly sensitive. Per the memo, it includes:
· Information used to contact you, like first and last name, address, date of birth, phone number, email
· Social Security number
· Driver’s license number/other government-issued ID number
· Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
· Care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
· Bills and insurance claims
The notice is provided on behalf of more than 100 of MCNA’s partners across the United States.
Cybercriminals pay handsomely for this type of data as they can use it in social engineering scams, fraud or extortion. LockBit ransomware operators published all of the files – 700 gigabytes of data – on April 6, long before MCNA even acknowledged the hack.
For those asking why it took so long to acknowledge the incident, the accompanying FAQ states:
"Cybersecurity investigations and data review are very complicated and take time. It was important that a thorough investigation into the matter took place to confirm what happened, and identify those individuals who may have been impacted."
MCNA declined LockBit’s $10 million ransom offer to settle the matter and refrain from leaking the data, according to The Record.
In a notice filed with the Office of the Maine Attorney General, MCNA reveals that a whopping 8,923,662 people are affected by this incident.
The insurer is now mailing individual letters to people whose information may have been involved in this event.
Bitdefender Digital Identity Protection lets you instantly find out if your data has leaked in a breach, what type of information was compromised, what risks you face, and whether your information is for sale on the dark web.
Bitdefender Identity Theft Protection covers damages and financial loss from identity theft, complete identity theft restoration services, and identity theft insurance up to $2 million.