Delta Dental: Frequently Asked Questions (FAQs)

1. What has happened?

Delta Dental, a third-party administrative services provider for the MasTec Care Opt Plus Group Benefits For Hourly & Salaried Employees Plan, informed us that Delta Dental was impacted by a critical vulnerability in MOVEit, a software product that Delta Dental uses to transfer files. A third-party actor was able to download unspecified MasTec files from Delta Dental’s network by exploiting the MOVEit vulnerability. The vulnerability has impacted thousands of companies and governments worldwide according to press reports.

2. What type of data was downloaded by the third-party actor?

Delta Dental’s investigation is still ongoing. Based on the information available to MasTec at this time, the MasTec files that were downloaded from Delta Dental’s network include the following information about individuals that were enrolled in the Plan: name, Social Security number, date of birth, gender, member contact information, member ID, eligibility dates, and provider information.

3. When did this happen?

Delta Dental indicated that the third party had access to its MOVEit server between May 27 and May 30, 2023.

4. Why did I receive this letter?

You received this letter because your information was obtained by a third-party actor that exploited a vulnerability in Delta Dental’s MOVEit Transfer server.

5. Why wasn’t I contacted sooner?

We have been working diligently with Delta Dental and on our own to investigate the incident and identify what information and individuals were affected. Once we confirmed the scope of the incident, we took steps to notify you.

6. What services does Delta Dental provide to MasTec?

Delta Dental provides dental insurance and related dental plan administration services to MasTec.

7. How do I know if my personal information has been compromised by the Delta Dental incident?

We have sent a letter to all MasTec dental plan members who we have determined have been impacted by this Delta Dental incident.

8. Will I be offered identity theft protection services if my personal information has been compromised?

Yes, MasTec will provide identity theft protection services to impacted MasTec plan members at no cost.

9. Does MasTec use the MOVEit product?

No, MasTec does not use the MOVEit file transfer product for any purposes.

10. Is Delta Dental the only company that has been impacted by the MOVEit vulnerability?

No, publicly available information suggests that thousands of companies and governments worldwide have been impacted by the MOVEit vulnerability. We also believe that other Delta Dental customers have been similarly impacted.

11. What steps were taken to respond to the incident?

When Delta Dental became aware of this incident, Delta Dental promptly took the affected application offline and updated systems to secure vulnerabilities and prevent further access. Outside advisors and cybersecurity experts were retained to assist in the evaluation of the situation. When MasTec became aware of the incident, MasTec promptly launched an investigation to determine the potential impact to its dental plan members’ personal information.

12. What have you done to keep this from happening again?

MasTec has further been in contact with Delta Dental to confirm that Delta Dental has implemented corrective actions to help protect your information from further security incidents.

13. What should I be doing?

The notification letter we sent provides additional steps that you can take to protect your information, including instructions for enrollment in complimentary credit monitoring and identity theft protection services. As always, we recommend you remain vigilant at work and at home, especially to targeted phishing attacks. You also should monitor and pay extra attention to your account activity, including your bank account, financial and benefits accounts. And you may obtain a copy of your credit report, directly and free of charge, from each of the three nationwide credit reporting companies. To order your annual free report please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies:

14. Should I request a fraud alert from the credit reporting agencies? What is a fraud alert?

That is your choice. There are two types of fraud alerts you can place on your credit report to put your creditors on notice that you may be a victim of fraud—an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial fraud alert stays on your credit report for at least one year. You may have an extended alert placed on your credit report if you have already been a victim of identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. You can place a fraud alert on your credit report by calling the toll-free fraud number of any of the three national credit reporting agencies as follows:

Equifax: 1-888-766-0008, https://www.alerts.equifax.com 

Experian: 1-888-397-3742, https://www.experian.com/fraud/center.html

TransUnion: 1-800-680-7289, https://www.transunion.com/fraud-victim-resource/place-fraud-alert

15. Are you offering credit monitoring?

Yes. Information on the complimentary services we are providing are included in the letter you received.

16. I use / am buying another credit monitoring / identity protection product. I want MasTec to reimburse me. Whom do I speak with?

We are not reimbursing individuals for credit monitoring services purchased outside of those being offered through Experian. Additional information about these services is contained in the letter you received.

17. Will enrolling in credit monitoring affect my credit?

No. Enrollment in the credit monitoring and identity theft protection services, provided at no cost to you, will not affect your credit.

18. Should I sign up for the online credit monitoring services?

That is your choice. Information on the product we are offering is included in the letter you received.

19. Will I be automatically charged after the complimentary credit and identity monitoring service expires?

No, you will not be charged automatically after your complimentary credit and identity monitoring services expire. You do not need to provide any payment information to enroll in the complimentary services.

20. Why do I need to provide my Social Security number to Experian when I register online?

Experian needs specific personal information to enroll you in credit monitoring and to confirm that you are who you say you are. Without this information, Experian can’t access your credit file in order to monitor it.

21. My activation code is not working, what do I do?

We apologize for the inconvenience this has caused. We have confirmed with Experian that these codes are valid and active. Please contact Experian Customer Service at the number provided in your letter. They will be able to assist you with any issues you have with your activation code. They will also be able to enroll you over the phone.

22. Is the notice legitimate? Is this a scam?

I can assure you the notice is legitimate. Safeguarding personal information is a priority, and we take these types of issues very seriously.