Notice of Security Incident Related to MOVEit Vulnerability
A recent global cybersecurity incident involving MOVEit Transfer has resulted in the potential exposure of personal data for millions of individuals around the world. MOVEit Transfer is a popular filesharing software used by government agencies, financial firms, universities, and other well-respected organizations. On May 31, 2023, Progress Software, the owner of MOVEit, announced a previously unknown (aka “zero-day”) vulnerability in its MOVEit Transfer application. That vulnerability, which allowed unauthorized actors to defeat MOVEit’s security measures, was exploited and resulted in the potential exposure of sensitive information for any organization utilizing the software.
A third-party vendor that we use for unclaimed property services, Sovos Compliance, LLC (“Sovos”) recently confirmed to us that it was impacted by the MOVEit incident. Upon learning of the incident, Sovos immediately took the affected application offline and activated its incident response procedures.
Outside advisors and cybersecurity experts were retained to assist in the investigation and Sovos notified federal law enforcement. Sovos determined unauthorized actors exploited the then-unknown MOVEit vulnerability to download certain files containing personal information. The personal information impacted varies by individual but may include some or all of the following data elements: name, address, claim number, social security number, and date of birth. On May 27, 2023, the first unauthorized access to Sovos’ MOVEit Transfer web application occurred. The last unauthorized download occurred on May 30, 2023, before Progress Software made Sovos aware of the vulnerability in the MOVEit application or disclosed it publicly.
While the MOVEit incident did not impact Delta Dental of Iowa’s own computer systems, we are working with Sovos to notify all individuals who were affected by this incident. Around August 23, 2023, Sovos started sending notification letters to affected individuals and is offering two years of complimentary credit monitoring services through Kroll.
To take advantage of these credit monitoring services, please follow the instructions in the letter you receive from Sovos. Sovos has also established a dedicated call center to answer any questions you may have regarding this incident or the services available to you. You can reach a live representative at the Sovos call center by dialing its toll-free number 866-373-7132 anytime Monday through Friday during the hours of 9:00 a.m. to 6:30 p.m. (Eastern Time). If you believe you have been affected by this incident but did not receive a letter from Sovos, please speak with one of our customer service representatives by calling our dedicated call center during normal business hours at 800-544-0718.
Because the MOVEit vulnerability has been so widespread across government agencies and global enterprises, we encourage individuals to remain vigilant against attempts at identity theft or fraud and to take proactive measures to protect your information, including the following no-cost steps:
- Carefully reviewing online and financial accounts, credit reports, and Explanations of Benefits (“EOBs”) for suspicious activity. If suspicious activity is identified, contact the company that maintains the account.
- Obtain a free copy of your credit report by visiting Annual Credit Report.com, calling 877-322-8228, or directly contacting the leading nationwide credit reporting companies:
- Consider placing fraud alerts or credit freezes with the credit reporting companies. For more information about fraud alerts and credit freezes, visit the Federal Trade Commission's website.
- Stay alert for emails, phone calls, or messages from unknown sources asking for personal or business information.
- If you believe you are a victim of identity theft, immediately file a police report and notify the Federal Trade Commission via IdentityTheft.gov. If you believe that your Social Security information has been compromised, contact Social Security Administration’s toll-free number: 800-772-1213.
Posted: October 27, 2023