On July 9, 2023, ADSC discovered that an unauthorized third party gained access to a portion of its IT infrastructure and deployed malware which encrypted certain areas of its systems and data. ADSC immediately deployed countermeasures to secure its network and data from further unauthorized access. ADSC also engaged third-party cybersecurity experts to assist in containing and recovering from this incident. Fortunately, ADSC was able to recover its affected systems and data from backup versions.
ADSC discovered that its systems were impacted by malware on July 9, 2023. However, it wasn’t until July 26, 2023 that ADSC identified that registrants and service providers for the Government of Alberta dental benefits programs ADSC administers were potentially impacted.
If you received a letter from ADSC, it’s because your information was identified as having been impacted by this incident, including your personal banking information. Alternatively, if you visited ADSC’s incident webpage and identified with one of the listed categories of affected individuals or groups, your information was likely impacted by this incident as well.
We worked hard to notify all affected individuals as quickly as possible. On July 26, 2023, ADSC discovered that registrants and service providers for the Government of Alberta dental benefits programs it administers were potentially impacted. The full scope of the impact to those individuals and services providers was not verified until August 2, 2023. At that point, ADSC set about crafting a notification plan to ensure that important information was delivered to those impacted as quickly and as effectively as possible.
ADSC has only limited or, in many cases, no contact information whatsoever for registrants in the Government of Alberta dental benefits programs that it administers. In addition, the scope of the impact made it impractical to contact every affected individual directly. In order to ensure that important details were delivered to affected individuals as quickly as possible, ADSC delivered a public notice and made considerable efforts to distribute that information as widely as possible through a number of different channels.
Based on ADSC’s investigation, the information involved in this incident varies depending on the Government dental benefits program an individual was registered in or whether they are a service provider for one of those programs. If you received a written letter from ADSC, it provides the types of information about you determined to have been involved in this incident. If you did not receive a letter but believe you may be impacted, we encourage you to visit ADSC’s incident webpage, to confirm whether you identify with any of the impacted groups and, if so, to learn about the types of information about you which were affected.
ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse.
Roughly 1.47 million people were affected by this attack on ADSC’s systems. Of those, only about 7,300 had more sensitive information like their bank account information compromised and those individuals have all been notified directly.
After gaining access to ADSC’s IT infrastructure, the unauthorized third party accessed and copied information before deploying the malware which encrypted certain systems and data on the network. If your information was involved in this incident, it means that it was accessed or copied by the unauthorized third party. It may have been encrypted by malware on ADSC’s systems as well, but not necessarily.
If your spouse did not receive a letter from ADSC regarding this incident we encourage them to visit ADSC’s incident webpage, to confirm whether they identify with any of the impacted groups and, if so, to learn about the types of information about them which were affected.
ADSC has security measures in place that allow it to take prompt action against attempted intrusions into its network. Those measures were implemented here. However, incidents of this nature are not always preventable. As the investigation unfolds, ADSC will continue working with third-party cybersecurity experts to understand how the incident occurred and how it can further improve its security measures moving forward.
Fortunately, ADSC was able to recover the affected systems and data relatively quickly with only minimal data loss and disruption to its operations. ADSC worked closely with its cybersecurity experts to restore operations to ensure that it can continue it important work in as secure a manner as possible.
The forensic investigation into this incident is ongoing including the assessment of root cause.
As this matter is under active investigation, we are unable to provide details of that nature.
Moving Forward
ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse and has no evidence at this point to suggest any misuse has taken place.
Law enforcement has been notified of this incident and ADSC is cooperating fully with those authorities.
ADSC takes the protection of your information very seriously.
ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse. In addition, ADSC is working with third-party cybersecurity experts to complete a comprehensive investigation and has implemented enhanced security safeguards to prevent incidents of this nature from occurring in future.
ADSC’s systems are being monitored 24/7 and to date, there has been no evidence of any ongoing unauthorized activity within the network.
ADSC anticipates that it may take up to several more weeks before the comprehensive investigation is complete. ADSC elected to notify impacted individuals and organizations as soon as possible, rather than wait for the investigation to be fully completed.
Identity Theft Concerns
There are a variety of steps you can take. The notification letter you received from ADSC and the public notice on ADSC’s website contains helpful information and resources you can utilize to help protect yourself against threats like identity theft and fraud. If at any time you believe you are a victim of identity theft or financial fraud, we recommend you contact your financial institution and local law enforcement to file a report.
ADSC takes the protection of your information very seriously.
In addition to notifying all impacted individuals and organizations as soon as possible, ADSC has reported the incident to law enforcement and appropriate regulatory bodies. The letter you received or the public notice on ADSC’s website includes helpful information about steps you can take to further protect yourself and your information should you wish to do so.
If your personal banking information was involved in this incident, you should have received a letter from ADSC with details for enrolling in the complimentary credit monitoring and identity protection services offered to you. Individuals whose banking information was not involved are not being offered credit monitoring services as the types of information impacted are not sufficient to commit harm such as identity theft or financial fraud.
ADSC takes the protection of your information very seriously and sincerely regrets that this incident occurred as well as any distress it may have caused you. ADSC worked hard to notify all impacted individuals and organizations as quickly as possible and to provide everyone with information and tools they can use to further protect themselves should they wish to do so. In addition to that, ADSC took steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse.
ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse. That said, if you have reason to believe you have or will be the target of criminal activity, we recommend that you report the matter to your local law enforcement.
The information involved in this incident is unlikely to be sufficient to commit a serious offence such as identity theft. In addition, ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse. In the unlikely event you are subject to an identity theft, we recommend you report the matter to your financial institution and local law enforcement immediately. If you received complimentary credit monitoring services through ADSC as a result of your personal banking information having been impacted in this incident, there are services available to you through that product, including a fraud specialist and insurance coverage to help you recover your identity.