DentaQuest, a dental benefits administrator, had data on approximately 2.6 million individuals publicly leaked by the ShinyHunters group following an extortion campaign in May 2026.
What happened
According to HIBP, in May 2026 the ShinyHunters cybercrime group targeted DentaQuest with a "pay or leak" extortion campaign. When the company did not comply, the group publicly released hundreds of gigabytes of data allegedly taken from DentaQuest's systems. DentaQuest acknowledged a cybersecurity incident involving unauthorized access to a limited portion of its network, and stated it had contained the attack and mitigated the threat.
What was exposed
Reported by HIBP, the leaked data included names, email addresses, physical addresses, phone numbers, dates of birth, genders, health insurance information, and government-issued IDs. Much of the data appeared in healthcare enrollment files using ASC X12 transaction sets, with some records containing Medicaid IDs. Member records and related files were also among the exposed data.
Who is affected
Approximately 2.55 million individuals are reported to be affected, according to HIBP. Given the nature of DentaQuest's business as a dental benefits administrator, those affected are likely current or former plan members, including Medicaid enrollees.
What to do now
If you are or were a DentaQuest member, monitor your health insurance accounts and explanation-of-benefits statements for any unauthorized activity. Because government-issued IDs and Medicaid IDs were exposed, consider placing a fraud alert or credit freeze with the major credit bureaus. Watch for phishing attempts that may use your personal details to appear legitimate. Check DentaQuest's official security update page for any notifications or remediation steps the company is offering.