Healthcare | June 2, 2026 | United States

DentaQuest

One of America's largest dental benefits administrators—serving 35 million customers—had 234GB of patient data dumped on the dark web after negotiations failed.

Full names, email addresses, phone numbers, government-issued IDs, health insurance information, Medicaid IDs, dates of birth, gender data

1. What happened?

In May 2026, ShinyHunters listed DentaQuest on their data leak site, claiming to have stolen more than 234 gigabytes of data. DentaQuest confirmed the breach on June 2, stating unauthorized access occurred on a portion of their network.

Negotiations broke down. ShinyHunters released the entire archive onto the dark web. Have I Been Pwned verified the dataset: 2.6 million accounts, with much of the data appearing in healthcare enrollment files—ASC X12 transaction sets containing Medicaid IDs and detailed member records.

2. What data was actually inside?

Full names. Email addresses. Phone numbers. Government-issued IDs. Health insurance information. Medicaid IDs. Dates of birth. Gender data. The files included healthcare enrollment records—the structured transaction formats used for Medicaid and insurance claims processing.

DentaQuest manages dental insurance plans for Medicaid programs, Medicare Advantage plans, employers, and individual customers across 50 states. The stolen data represents the enrollment and claims infrastructure for some of the most vulnerable populations in the healthcare system.

3. Who gets hurt and how?

Medicaid recipients. Medicare Advantage enrollees. Families with dental coverage through their employers. 2.6 million people who gave their government IDs and insurance information to access dental care now have that data circulating freely on criminal marketplaces.

Government-issued IDs combined with health insurance information enable medical identity theft—fraudulent claims filed under stolen identities. Medicaid IDs are particularly valuable because they're tied to government benefits that can be redirected. The harm extends beyond identity theft into healthcare fraud that can affect victims' medical records and coverage.

4. What did they think they were doing right?

DentaQuest serves 35 million customers through a network of 140,000 dental providers. They operate programs in all 50 states. They're a subsidiary of Sun Life, a major financial services company with enterprise security standards.

The company emphasized that "systems have remained fully operational" and they "continued to serve clients with limited disruption." Operations kept running. The breach was contained. But 234GB of patient data was already gone—and the attackers decided to publish it.

5. What did they not know about their own data?

234 gigabytes of healthcare enrollment files, Medicaid records, and member data—exfiltrated before anyone noticed. The ASC X12 transaction sets indicate the attackers reached deep into claims processing infrastructure, not just peripheral systems.

As of this writing, DentaQuest has not yet reported the breach to HHS or state attorney general offices—potentially violating federal and state notification laws. When you don't know exactly what data was compromised, notification timelines slip while you figure out the scope.

If you handle patient data, could you identify within 24 hours exactly which records were accessed in a breach?

6. What does attribution look like the morning after?

2.6 million individuals across 50 states. HIPAA's 60-day notification rule is ticking. State attorneys general have their own requirements. The data is already public on the dark web—making the notification process a race against fraud that's already possible.

ShinyHunters has been on a 2026 tear, hitting major brands across travel, entertainment, and healthcare. They don't just encrypt—they exfiltrate and publish. When negotiations fail, the data goes public. That changes the calculus of every breach response decision.

7. What would have changed the outcome?

Knowing that 234GB of Medicaid enrollment data and healthcare transaction files were accessible—and where exactly they lived.

Healthcare enrollment systems accumulate decades of patient data. ASC X12 transaction sets contain structured records that flow between providers, payers, and government programs. A data inventory would have mapped where those files resided and who could access them. Instead, the attackers compiled that map first—and downloaded everything it pointed to.

DentaQuest found out the hard way.
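A first pass at the data inventory described above can be automated. The following is an added example, not code from this report or from DentaQuest: it finds ASC X12 files by their fixed-width ISA header rather than by file extension, counts member loops, and records whether each file is world-readable. The function names and the sample interchange are constructed for illustration, and POSIX mode bits are assumed as a stand-in for a full access review.

```python
import os, stat
from collections import Counter

# ST01 transaction set IDs that carry member or claim data.
SENSITIVE = {"834": "enrollment", "837": "claim", "835": "claim payment",
             "270": "eligibility inquiry", "271": "eligibility response"}

def classify_x12(data: bytes):
    """Return {'sets': Counter, 'members': int} for an X12 interchange, else None."""
    # ISA is fixed width: 106 bytes, element separator at offset 3, segment
    # terminator at offset 105. Detect by content, never by file extension.
    head = data[:106].decode("latin-1")
    if len(head) < 106 or not head.startswith("ISA") or head[3].isalnum() or head[105].isalnum():
        return None
    elem_sep, seg_term = head[3], head[105]
    sets, members = Counter(), 0
    for seg in data.decode("latin-1").split(seg_term):
        fields = seg.strip().split(elem_sep)
        if fields[0] == "ST" and len(fields) > 1:
            sets[fields[1]] += 1      # ST01 = transaction set identifier
        elif fields[0] == "INS":
            members += 1              # one INS segment opens each 834 member loop
    return {"sets": sets, "members": members} if sets else None

def inventory(root: str):
    """Walk root; report each X12 file, what it holds and who can read it."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    info = classify_x12(fh.read())
                mode = os.stat(path).st_mode
            except OSError:
                continue              # unreadable: skip rather than abort the scan
            if info:
                findings.append({"path": path, "members": info["members"],
                                 "sets": sorted(SENSITIVE.get(s, s) for s in info["sets"]),
                                 "world_readable": bool(mode & stat.S_IROTH)})
    return sorted(findings, key=lambda f: f["members"], reverse=True)

def sample_834(members=2):
    """CONSTRUCTED minimal interchange with fake IDs, for testing the scanner."""
    isa = ["ISA", "00", " " * 10, "00", " " * 10, "ZZ", "SENDER".ljust(15), "ZZ",
           "RECEIVER".ljust(15), "260101", "1200", "^", "00501", "000000001", "0", "T", ":"]
    segs = ["*".join(isa), "ST*834*0001*005010X220A1"]
    for i in range(members):
        segs += ["INS*Y*18*030*XN*A***FT", f"REF*0F*TEST{i:05d}", f"NM1*IL*1*DOE*JANE{i}"]
    segs += [f"SE*{2 + 3 * members}*0001", "IEA*1*000000001"]
    return ("~".join(segs) + "~").encode()
```

The scanner reads each file fully into memory; for large archives, read the 106-byte header first and stream the remainder.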

Your team could spend the next 6 months rebuilding systems, notifying customers, and answering legal questions. Or you could spend 24 hours finding out what's actually at risk.