DentaQuest data breach exposes info of 2.6 million members

A massive data breach has hit DentaQuest, a major dental and vision benefits administrator serving millions of patients across all 50 states. The notorious cybercriminal group ShinyHunters has claimed responsibility for stealing and publicly leaking over 234 gigabytes of sensitive data, impacting approximately 2.6 million individuals.

DentaQuest confirmed the unauthorized network access on June 2, 2026, after a failed extortion attempt by the hackers, News.Az reports, citing Rescana.

What information was stolen?
The leaked files contain a treasure trove of highly sensitive Personally Identifiable Information (PII) and Protected Health Information (PHI). If you are a DentaQuest member—including those enrolled via Medicaid or Medicare Advantage—the following data may have been exposed:

Full names and dates of birth

Home addresses, phone numbers, and email addresses

Genders and government-issued IDs

Health insurance details and Medicaid IDs

The stolen data was primarily pulled from healthcare enrollment files and member records. Cybersecurity platforms, including Have I Been Pwned and BleepingComputer, have independently verified the leak, meaning this information is now circulating in the public domain.

Unlike traditional cyberattacks that deploy ransomware or destructive malware, ShinyHunters used a stealthier approach. The group gained access to DentaQuest’s cloud infrastructure using stolen credentials.

Cybersecurity reports indicate the hackers likely harvested legitimate login credentials, OAuth keys, or application access tokens through targeted phishing campaigns. Once inside the cloud environment, they quietly exfiltrated the 234 GB of data without triggering traditional antivirus software, as no malicious code was ever deployed.

While DentaQuest has brought in external cybersecurity experts to secure its environment and investigate the scope of the attack, the company is facing mounting scrutiny. As of June 5, 2026, the breach had not yet been formally reported to the U.S. Department of Health and Human Services (HHS) or state attorney general offices. This delay could potentially violate strict federal and state data breach notification laws.

Because the leaked data includes permanent identifiers like government IDs and health insurance numbers, the risk of identity theft, targeted phishing scams, and medical fraud is exceptionally high for affected individuals.

If you are a DentaQuest member, it is highly recommended that you:

Monitor your accounts: Keep a close eye on your bank statements, medical bills, and insurance explanation of benefits (EOB) statements for any unauthorized activity.

Be alert for phishing: Treat unexpected emails, texts, or phone calls—especially those claiming to be from healthcare providers or government agencies—with extreme suspicion.

Freeze your credit: Consider placing a fraud alert or credit freeze on your files with the major credit bureaus to prevent identity thieves from opening new accounts in your name.

News.Az 

By Aysel Mammadzada