in Newswire Published on January 9, 2024

May 2023 MOVEit Data Breach Triggers Class Action Against Delta Dental

Last Updated on March 13, 2024

Lamons et al. v. Delta Dental of California et al.

Filed: January 3, 2024 ◆§ 3:24-cv-00030

A class action claims Delta Dental failed to protect members’ personal and health information from a May 2023 data breach.

Defendant(s)

Delta Dental of California Delta Dental Insurance Company

Law(s)

California Unfair Competition Law California Confidentiality Of Medical Information Act

State(s)

California

Categories

Privacy Data Breach

A proposed class action claims Delta Dental of California and Delta Dental Insurance Company failed to protect members’ personal and health information from a May 2023 data breach.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the 75-page lawsuit, the San Fransico-based dental insurer announced in December of last year that it was among the ranks of thousands of organizations affected by a massive cyberattack that targeted MOVEit, a popular file transfer platform. Cybersecurity software company Emisoft reports that the Delta Dental data breach has impacted over 6.9 million individuals, making it the third largest MOVEit-related incident to date.

In its notice to victims, Delta Dental revealed that company information was accessed and stolen by hackers, who had exploited a vulnerability in the MOVEit software, between May 27 and May 30, 2023. The case claims that the data breach exposed members’ dates of birth, Social Security numbers, passport numbers, financial account details, health information, tax identification numbers and health insurance information.

Related Reading: 2023 MOVEit Data Breach Lawsuits

Importantly, the suit attributes the incident to Delta Dental’s alleged failure to implement adequate data security measures and properly monitor its computer network for signs of intrusion. Per the filing, the defendants’ cybersecurity deficiencies have exposed victims to an “imminent, immediate, and continuing” risk of identity theft and fraud.

The complaint contends that Delta Dental not only failed to secure member data from unauthorized access but also waited more than five months after discovering the incident, in early June, to notify affected individuals around December 15.

“Under state and federal law, organizations must report breaches involving [protected health information] within at least sixty (60) days,” the case notes.

One of the plaintiffs, a Delta Dental member who received a notice letter that stated that information about her and her two children had been compromised in the breach, claims that the two years of credit monitoring services offered by the defendants is “not sufficient.” As the suit tells it, the woman anticipates spending “considerable” time and money to mitigate the many harms caused by the data breach, including a lifetime risk of medical fraud.

The lawsuit looks to represent anyone in the United States, including minor children, who had private information accessed and/or acquired as a result of the Delta Dental data breach, including all who were sent notice of the incident.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?