DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People
June 07, 2026 
ShinyHunters leaked 234 GB of data allegedly stolen from DentaQuest after failed negotiations, potentially impacting 2.6 million people.
The ShinyHunters extortion group has published a 234 GB archive of data allegedly stolen from dental benefits administrator DentaQuest.
The cybercrime gang added the company to its Tor data leak site in May, and the data was released after negotiations reportedly failed. The breach could affect approximately 2.6 million individuals whose information may have been exposed.
The company published a notice confirming it is responding to a cybersecurity incident involving unauthorized access to a limited part of its network. The company quickly moved to contain the attack and says its systems remain operational with minimal disruption.
DentaQuest is working with cybersecurity experts, forensic investigators, and law enforcement to determine the scope of the breach and any data exposure.
“DentaQuest is actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network. Upon discovery of the initial incident, we took immediate action to secure our environment, contain the attack and mitigate the threat.” reads the notice. “Our systems remain fully operational, and we continue to serve our clients with limited disruption.”
The benefits administrator has reported the incident to the authorities, but has not disclosed technical details about the security breach.
According to the data breach notification service HaveIBeenPwned, the leaked data includes 2.6 million email addresses, along with names, phone numbers, addresses, and healthcare-related records, some containing Medicaid IDs.
“In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters “pay or leak” extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers.” reports HaveIBeenPwned. “Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files.”
ShinyHunters is a well-known name in the cybercriminal ecosystem. The group is associated with a broader loosely connected network often referred to as “the Com,” made up largely of young, English-speaking individuals. Their operations typically focus on stealing data from large organizations and using leak sites to pressure victims into paying ransoms in cryptocurrency.
ShinyHunters has recently targeted major companies and organizations, leaking data when ransom demands fail. Victims include the European Commission, Odido, Figure, Canada Goose, Rockstar, Canvas, Carnival, Charter Communications, 7-Eleven, and SoundCloud. The group primarily uses social engineering, especially voice phishing, to steal credentials and access SaaS platforms like Salesforce, Okta, and Microsoft 365.
DentaQuest is one of the largest dental benefits administrators in the United States and a subsidiary of Sun Life Financial. The company manages dental and vision benefits for roughly 32 million Americans, with a strong focus on Medicaid, CHIP, Medicare Advantage, and commercial plans. It operates nationwide and supports care through a network of more than 70 dental practices. Sun Life acquired DentaQuest for approximately $2.5 billion in 2022. The dental business was expected to generate around $100 million in annual earnings, although recent Medicaid-related challenges have weighed on performance.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Click Here For The Original Source.
