DentaQuest says it is investigating a cybersecurity incident involving unauthorized access to part of its network, following the ShinyHunters extortion group's public leak of data allegedly stolen from the company.
The breach has since been added to Have I Been Pwned (HIBP), which reports that the exposed dataset contains information linked to approximately 2.6 million individuals.
DentaQuest published a notice on June 1, 2026, in which it disclosed that it had detected unauthorized access to a “limited portion” of its network. The company stated that it had taken immediate steps to secure affected systems, contain the intrusion, and mitigate any ongoing threat.
According to DentaQuest, its systems remain operational, and client services continue with limited disruption. The company also said it engaged external cybersecurity specialists, forensic investigators, and law enforcement authorities to assist with the investigation. At the time of publication, DentaQuest said it was still determining the full scope of the incident, including what data may have been accessed or compromised.
DentaQuest is one of the largest dental benefits administrators in the United States, providing dental coverage and administrative services for commercial, Medicaid, and Medicare programs. The company serves millions of members and works with government agencies, insurers, employers, and healthcare providers nationwide, making it a significant repository of sensitive personal and healthcare-related information.
ShinyHunters, a prolific cybercrime group known for “pay-or-leak” extortion schemes, recently added DentaQuest to its leak site. In a later update, the threat actor claimed that negotiations with the company had failed, prompting the public release of data allegedly stolen during the attack.
On June 3, Have I Been Pwned added the breach to its database, describing it as a May 2026 incident in which hundreds of gigabytes of data were allegedly published online by ShinyHunters. According to HIBP's analysis, the leaked information includes approximately 2.6 million unique email addresses, along with names, physical addresses, and phone numbers.
The dataset reportedly contains a large number of healthcare enrollment files formatted as ASC X12 transaction sets, a standard commonly used for electronic healthcare and insurance transactions. Some records allegedly include Medicaid identification numbers, while other files appear to contain member records and related administrative data.
While the 2.6 million affected-account figure has not been officially confirmed by DentaQuest, HIBP employs its own validation and verification procedures before adding breaches to its service. As a result, listings published by the platform are generally considered credible indicators that a dataset is authentic and contains substantial amounts of legitimate user information.
The presence of healthcare-related records raises additional concerns due to the sensitivity of the information involved. Even when medical details are absent, combinations of names, contact information, enrollment data, and government-issued identifiers can increase the risk of phishing attacks, identity fraud, and social engineering campaigns targeting affected individuals.
Leave a Reply