Back

DentaQuest Data Breach Exposes 2.6 Million Accounts

Severity: High (Score: 67.5)

Sources: www.dentaquest.com, Bleepingcomputer, haveibeenpwned.com

Published: 2026-06-04 · Updated: 2026-06-04

Keywords: data, million, accounts, dentaquest, breach, exposed, dental

Severity indicators: breach

Summary

DentaQuest, a major dental benefits administrator, experienced a data breach affecting 2.6 million accounts. The breach was attributed to the ShinyHunters group, which claimed to have stolen over 234 GB of data. The leaked information includes sensitive details such as names, email addresses, phone numbers, and Medicaid IDs. DentaQuest confirmed unauthorized access to a portion of its network and stated that it has contained the attack. The company is working with external experts to assess the breach's impact. Users are advised to be cautious of phishing attempts due to the leaked data. Have I Been Pwned verified the breach and noted that 66% of the exposed records were previously known from other incidents. Key Points: • DentaQuest confirmed a data breach affecting 2.6 million accounts. • The breach was linked to the ShinyHunters extortion group. • Sensitive data including Medicaid IDs and personal information was leaked.

Detailed Analysis

**Impact** The breach affected 2.6 million unique accounts managed by DentaQuest, a major U.S. dental benefits administrator serving 35 million customers across all 50 states. Exposed data includes names, email addresses, physical addresses, phone numbers, Medicaid IDs, and healthcare enrollment files (ASC X12 transaction sets). The incident risks increased social engineering and phishing attacks targeting affected individuals. Operational disruption was limited, with DentaQuest confirming containment and continued service availability. **Technical Details** The attack involved unauthorized network access followed by a failed extortion attempt by the ShinyHunters group, who publicly leaked over 234 GB of data. The breach was part of a "pay or leak" campaign, but specific initial attack vectors, exploited vulnerabilities, or malware used were not disclosed. The leak included healthcare enrollment and member records, indicating access to sensitive backend systems. No CVEs or detailed TTPs were provided. **Recommended Response** Affected individuals should immediately change passwords on all accounts where reused and enable multi-factor authentication where available. Security teams should monitor for phishing and social engineering attempts leveraging leaked personal information. Organizations should review network access controls and engage in breach and attack simulations to test detection capabilities, as many attacks remain undetected. No specific patches or IOCs were provided for direct blocking.

Source articles (3)

  • DentaQuest data breach exposed info of 2.6 million accounts — Bleepingcomputer · 2026-06-04
    A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. The security incident came to light last month, when the infamous extor…
  • 2.6 million accounts — haveibeenpwned.com · 2026-06-04
    In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data…
  • Security Update 0526 — www.dentaquest.com · 2026-06-04

Timeline

  • 2026-05-01 — DentaQuest data breach reported: ShinyHunters claimed to have stolen over 234 GB of data from DentaQuest, leading to a public leak.
  • 2026-06-02 — DentaQuest confirms breach: DentaQuest acknowledged unauthorized access to its network and stated the incident caused limited disruption.
  • 2026-06-03 — Have I Been Pwned analyzes leaked data: HIBP confirmed that the leaked dataset contained records for 2.6 million accounts, including sensitive information.

Related entities

  • ShinyHunters (Apt Group)
  • Data Breach (Attack Type)
  • ShinyHunters Pay Or Leak Extortion Campaign (Campaign)
  • DentaQuest (Company)
  • United States (Country)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • Healthcare (Industry)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed