DentaQuest handles dental benefits for millions of people. Now, data tied to 2.6 million accounts has surfaced in a public breach listing.
DentaQuest confirmed a cybersecurity incident involving unauthorized access to a limited portion of its network, though its investigation is still ongoing. Have I Been Pwned said the leaked dataset included email addresses, names, phone numbers, dates of birth, government-issued IDs, and health insurance information.
DentaQuest says systems remain operational
DentaQuest stated it was “actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network,” according to a company update.
The company said it took immediate steps to secure its environment, contain the attack, and mitigate the threat. “Our systems remain fully operational, and we continue to serve our clients with limited disruption,” DentaQuest said.
DentaQuest noted it was working with a cybersecurity expert, forensic investigators, and law enforcement authorities. The company also said it was still working to determine the exact scope of the incident, including the nature and extent of any data that may have been compromised.
Breach data appears on public leak site
BleepingComputer reported that the incident surfaced after ShinyHunters listed DentaQuest on its data leak site and claimed to have stolen more than 234 GB of data. The report said the data was later publicly leaked after the threat actor claimed negotiations failed.
Have I Been Pwned listed the DentaQuest breach on June 3 and said the incident occurred in May 2026. The breach notification service said the exposed data included 2.6 million unique email addresses, along with names, addresses, phone numbers, dates of birth, genders, government-issued IDs, and health insurance information.
Have I Been Pwned also said that about 66% of the exposed records had appeared in its database from previous breaches affecting other organizations and services.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
Questions remain about the scope
DentaQuest has not publicly confirmed the 2.6 million figure or the full set of affected data elements identified by Have I Been Pwned.
The company is part of Sun Life and manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers. DentaQuest says it serves 35 million customers, operates programs in 50 states, and works with a network of 140,000 dentists and dental specialists.
For now, the main unanswered question is how closely the leaked dataset aligns with DentaQuest’s ongoing investigation. While the company has confirmed unauthorized access, it has not yet disclosed how many individuals may ultimately be affected or what information was accessed.
Read more: Instructure confirmed a Canvas breach after ShinyHunters claimed in May that data tied to 275 million users and nearly 9,000 schools was affected.