DentaQuest Data Breach

What Happened

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Compromised Data

Dates of birth

Email addresses

Genders

Government issued IDs

Health insurance information

Names

Phone numbers

Physical addresses

Recommended Actions

Sponsored

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.

Breach Overview

Affected Accounts:

2.6 million
Breach Occurred:

May 2026
Added to HIBP:

3 Jun 2026
Official disclosure statement

Recommended Actions

Change Your Password

If you haven’t already changed the password affected by this breach, do so immediately on every account where it was used.

Enable Two-Factor Authentication

Wherever 2FA is supported, add an extra layer of security to your account.

Sponsored

Use a password manager to generate and store strong, unique passwords for all your accounts. 1Password helps protect your data with industry-leading security.