DentaQuest Breach Exposes Data of 2.6 Million Accounts
A data breach at DentaQuest exposed sensitive records for 2.6 million accounts after ShinyHunters publicly leaked more than 234 GB of stolen data. The compromise includes names, government IDs, health insurance details and other personal information, raising risks of phishing and social engineering.
ShinyHunters lists DentaQuest and leaks the data. The group claimed to have stolen more than 234 GB of data. Following what the threat actor describes as a failure to reach an agreement with the company, the data was publicly leaked.
The group claimed to have stolen more than 234 GB of data.
DentaQuest confirms the cybersecurity incident. On June 2, DentaQuest confirmed on its website that its networks had been breached and the incident caused “limited disruption” in customer service. “DentaQuest is actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network,” reads the statement. Upon discovery of the initial incident, the company took immediate action to secure its environment, contain the attack, and mitigate the threat.
DentaQuest engaged external experts to help with the investigation and determine the data that was compromised. “Our systems remain fully operational, and we continue to serve our clients with limited disruption.”
DentaQuest's position in the dental benefits market. DentaQuest, part of Sun Life, is one of the largest dental benefits administrators in the United States. It manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers. The company says it serves 35 million customers, operates programs in 50 states, and has a network of 140,000 dentists and dental specialists.
The exposed data includes email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth.
HIBP analysis of the leaked dataset. Have I Been Pwned analyzed the leaked information and found that it contained records for 2.6 million accounts. The exposed data includes email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth. Although DentaQuest’s statement did not confirm that the data breach affected its clients, HIBP validated the leaked datasets using multiple verification methods.
Overlap with earlier breaches and victim guidance. HIBP also stated that roughly 66% of the exposed records were present in its database from past incidents affecting other organizations and services. People who may have had their information exposed in this incident should be cautious about all incoming communications. The leaked data increases the risk of social engineering and phishing attacks.
EXPERT TAKE
Independent validation by Have I Been Pwned often reveals breach scope when company statements limit discussion of customer impact.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.