American Dental Association notifies some DENTPIN users of breach
The American Dental Association is notifying some professionals and students who have DENTPIN identifiers that their personal information may have been exposed to others. DENTPIN identifiers are used to enable professionals and students to register for tests or request their test scores.
On April 30, the ADA upgraded its website, including the DENTPIN database. That evening, there was a configuration error involving DENTPIN assignments that caused 27 professionals and students who applied for DENTPINS to be assigned DENPTINS that had already been assigned to other individuals. In one case, the ADA writes, two applicants were assigned an existing DENTPIN, so the total number of individuals whose DENTPINs were reassigned is 26.
Social Security numbers or Canadian Social Insurance Numbers were accessible for 18 of the 26 individuals. Those whose DENTPINs were mistakenly reassigned also had their name, address, gender, date of birth, daytime phone and e-mail address exposed to the applicant erroneously given their DENTPIN if the individual accessed the site during the 15-hour window when the problem existed.
The error was discovered the following morning after two applicants notified ADA of the error. The ADA then shut down the system to investigate and correct the configuration error.
The ADA has since modified its system so that it no longer routinely displays SSN or SIN when someone logs in to the system to initiate a transaction.
You can read the ADA’s May 6th notification to the Maryland Attorney General here (pdf). They do not mention offering those affected any free credit monitoring services.