Industry - Enforcement
Executive Summary
New York regulators fined Delta Dental $2.25 million after the company failed to adequately protect consumer data and delayed reporting a breach that exposed names, Social Security numbers, financial details, and health information of New Yorkers. Investigators found Delta Dental did not address a known vulnerability in MOVEit Transfer servers despite state warnings in June 2023, allowing hackers to exploit the weakness and steal sensitive data. The penalty reflects violations of New York's c...
What Happened
In May 2026, New York's Department of Financial Services fined Delta Dental Insurance Company and Delta Dental of New York $2.25 million for cybersecurity failures that led to a data breach. Hackers exploited a known vulnerability in MOVEit Transfer servers to steal sensitive information including names, addresses, Social Security numbers, financial account details, and patient health information belonging to New Yorkers. State regulators had warned companies about the MOVEit vulnerability in June 2023, but investigators found Delta Dental failed to adequately address the risk and did not promptly report the breach as required by law, with consumer notifications not going out until March 2024.
Who Is Affected
New Yorkers whose personal information was stored by Delta Dental are affected, with exposed data including highly sensitive categories such as Social Security numbers, financial account details, and patient health information. The breach impacts dental insurance customers who entrusted Delta Dental with their personal and medical data. The source material does not specify the total number of individuals affected.
Why It Matters
This case demonstrates regulatory enforcement of cybersecurity requirements for financial and healthcare institutions, establishing accountability when companies fail to act on known security warnings. The significant penalty reflects New York's commitment to holding organizations responsible for protecting consumer data and promptly reporting breaches. The incident highlights systemic risks when companies delay patching widely-publicized vulnerabilities, potentially exposing millions of consumers to identity theft and fraud.
What You Should Do
If you are a Delta Dental customer in New York who received a breach notification in March 2024, monitor your credit reports closely for suspicious activity and consider placing a fraud alert or credit freeze with the major credit bureaus. Review your financial accounts and health insurance statements for unauthorized transactions or claims. Given the exposure of Social Security numbers, affected individuals should be vigilant against identity theft and phishing attempts for years to come, and may want to consider identity theft protection services.
Summary generated from verified sources and reviewed before publication. How we summarize.