DentaQuest Data Breach Exposes 2.6 Million Accounts

A DentaQuest data breach has exposed personal and health-related information belonging to 2.6 million people after an extortion group published more than 234 GB of stolen files online. The breach affects one of the largest dental benefits administrators in the United States, a company that manages coverage for Medicaid and Medicare Advantage programs across all 50 states.

The incident became public after the threat group ShinyHunters listed DentaQuest on its data leak site. Negotiations between the group and the company broke down, and the data was released publicly. DentaQuest confirmed the breach on June 2, acknowledging unauthorized access to a portion of its network.

What Was Exposed

The leaked dataset contains a broad range of sensitive information. Records include full names, email addresses, phone numbers, dates of birth, gender data, physical addresses, government-issued IDs, and health insurance details.

For the people affected, the combination of identity data and health insurance information creates real risk. Government-issued IDs paired with insurance records can support fraudulent benefits claims, a category of harm that goes beyond standard identity theft.

A breach alerting service analyzed the leaked files and confirmed the 2.6 million account figure. Notably, roughly two-thirds of those records had already appeared in earlier breach incidents tracked in the same database, meaning a significant portion of affected individuals have had their data exposed more than once.

Who DentaQuest Serves

DentaQuest, part of Sun Life, administers dental benefits for Medicaid programs, Medicare Advantage plans, employer groups, health plans,and individual customers. The company works with approximately 140,000 dental providers and says it serves 35 million customers nationwide.

That scale matters in this context. The DentaQuest data breach did not affect a general consumer platform. It affected a benefits administrator whose membership base includes a large proportion of Medicaid enrollees, including low-income individuals and families who depend on state-administered coverage. These populations often have limited access to credit monitoring tools and fewer resources to respond when their data appears in a breach.

ShinyHunters and the Extortion Model

ShinyHunters has been one of the most active data theft and extortion groups operating over the past year. The group follows a consistent pattern: breach a target, claim the theft publicly, enter negotiations, and publish the data if no agreement is reached. DentaQuest followed that same arc.

SafeState has covered ShinyHunters extensively in recent months. The group ran a sustained campaign targeting misconfigured Salesforce Experience Cloud sites, breaching several hundred organizations. More recently, it was linked to the supply chain compromise of an analytics vendor that exposed user data across multiple downstream platforms. The DentaQuest breach fits within that broader pattern of large-scale data acquisition followed by public leaks when extortion fails.

Regulatory Exposure

The breach carries significant regulatory weight. DentaQuest operates within HIPAA's framework as a covered health plan and as a business associate to state Medicaid agencies. Breaches affecting more than 500 individuals require notification to the U.S. Department of Health and Human Services. At 2.6 million records, this incident sits well above that threshold and will likely draw active scrutiny from federal regulators and state attorneys general.

State Medicaid agencies whose beneficiaries appear in the leaked dataset face their own notification obligations. The combination of a large affected population, sensitive health data, and Medicaid program involvement means the regulatory fallout from this DentaQuest data breach will likely extend well beyond the company itself.

What Affected Individuals Should Do

People who hold or have held dental coverage through a Medicaid or Medicare Advantage plan administered by DentaQuest should assume their records may be included in the leaked data. The exposed information is sufficient to support phishing attacks, benefits fraud, and identity theft.

Monitoring for unexpected benefits activity, placing a fraud alert with a credit bureau, and being cautious about unsolicited contact claiming to be from dental providers or insurance administrators are all reasonable steps. Anyone who receives an official notification from DentaQuest should follow the guidance provided and retain any documentation related to theincident.

DentaQuest has engaged external cybersecurity experts and notified law enforcement. Its investigation into the full scope of the breach is ongoing.