DentaQuest Data Breach: Data of 2.6 Million Individuals Leaked
The dental benefits administrator DentaQuest has recently disclosed a cybersecurity incident that is currently under investigation. While DentaQuest has yet to confirm the extent of the data breach, security researchers have been analyzing a data dump and report that the records of more than 2.6 million individuals are present in the leaked dataset.
DentaQuest is the largest dental benefits administrator in the United States based on membership, covering more than 33 million individuals. DentaQuest is a subsidiary of Sun Life Financial and manages both dental and vision benefits, with a focus on Medicaid, CHIP, Medicare Advantage, and commercial plans, supporting care through more than 70 dental practices. The company was acquired by Sun Life in 2022 for $2.5 billion.
DentaQuest said it is actively managing a cybersecurity incident involving unauthorized access to a limited portion of its network. When the incident was detected, immediate action was taken to secure its environment and contain and mitigate the threat. Third-party cybersecurity specialists have been engaged to investigate the incident to determine the nature and scope of any unauthorized data access. DentaQuest said its systems remain fully operational and clients continue to be served with limited disruption.
Around the time of the data breach disclosure, the ShinyHunters data theft and extortion group made its own announcement, claiming responsibility for the attack. ShinyHunters is an English-speaking threat group that specializes in big game hunting, targeting large organizations, breaching their networks, exfiltrating data, and then demanding payment to prevent the stolen data from being published online. The group is behind attacks on the European Commission, Rockstar Games, Carnival, 7-Eleven, and SoundCloud, to name just a few. The group is known to use social engineering and phishing to obtain credentials to access Microsoft 365, Salesforce, Okta, and other SaaS platforms.
The DentaQuest cyberattack occurred in May 2026, and when ShinyHunters was not paid, the group proceeded to leak around 234 GB of stolen data. Security researchers have been analyzing the data, much of which appeared in healthcare enrollment files (ASC X12 transaction sets). Have I Been Pwned (HIBP) said its analysis identified around 2.6 million unique email addresses, along with names, physical addresses, phone numbers, and data such as Medicaid IDs. HIBP said that its analysis shows that around two-thirds of the email addresses were already in its database, having previously been obtained in other data breaches.
Email addresses are among the most commonly breached data, as they are used as usernames on many platforms; however, it is the data that accompanies those email addresses that is particularly concerning. Security researchers have identified what appear to be Social Security numbers, other government-issued IDs, dates of birth, health insurance information, and other sensitive data in the dumped data. It will likely take months for DentaQuest to analyze the stolen data and provide a final total of the number of affected individuals and the exact types of data involved.
