I first saw this in the Kim Komando email newsletter, and then I decided to look this up to see what the press is saying.
Stop me if you’ve seen this before. The info that was supposedly taken may include: full name, email address, phone number, government issued identification, Health insurance information, genders and dates of birth.
While I could continue to rail about the fact that we continue to see this, we must always step back and ask how this happened to begin with.
The company is claiming unauthorized access, and of course its unauthorized. But what I really want to know is whether it was through a vulnerability, through social engenieering, or some other method. The article doesn’t say.
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts.
The security incident came to light last month, when the infamous extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of data.
Following what the threat actor describes as a failure to reach an agreement with the company, the data was publicly leaked.
Shiny Hunters has been very busy, going after all kinds of companies and if I remember correctly, their MO is social engineering.
So … what to do? If the Hunter group say comes in and says they’re the IT department, and you don’t deal with IT, how should we handle this? My hunch would say something to the effect that I don’t deal with IT, I would need to verify whether they need access … if that is what happened.
The article continues:
DentaQuest, part of Sun Life, is one of the largest dental benefits administrators in the United States. It manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers.
So how did they protect the customer base? That’s my question.
The company says it serves 35 million customers, operates programs in 50 states, and has a network of 140,000 dentists and dental specialists.
So … 2.6m is only a subset, and according to HIBP, who investigates data, this is going to get interesting because there is more customers that could be at risk if they aren’t because they’re in other breaches alone.
Although DentaQuest’s statement did not confirm that the data breach affected its clients, HIBP is known to validate leaked datasets using multiple verification methods.
HIBP also stated that roughly 66% of the exposed records were present in its database from past incidents affecting other organizations and services.
People who may have had their information exposed in this incident should be cautious about all incoming communications, as the leaked data increases the risk of social engineering and phishing attacks.
Here’s what to read
This … is getting really old. Really old. Companies must start to do a better job in protecting our data. I’m not saying I’m never going to have a problem and I’m a one man company. But I must be doing something right if to my knowledge I’ve not been breached.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.