SHINYHUNTERS has published a trove of data allegedly stolen from DentaQuest, exposing the personal and health information of roughly 2.6 million individuals. The group posted the data after negotiations for a ransom broke down, according to the company’s advisory DentaQuest confirmed the breach.
The leaked package totals about 234 GB and includes names, email addresses, phone numbers, dates of birth, government identifiers and health‑insurance details. No CVE identifiers have been associated with the exposure, indicating the compromise likely stemmed from unauthorized access rather than a known software flaw. The breach was highlighted by SecurityAffairs, which noted the data appeared after ransom talks collapsed SecurityAffairs.
ShinyHunters first contacted DentaQuest with a ransom demand, but when the payment was not met the actors released the information on a public leak site. SecurityWeek detailed that the stolen archive circulated on forums linked to the group within days of the failed negotiation SecurityWeek. The company acknowledged the incident and said it is working with cybersecurity experts and law‑enforcement investigators.
DentaQuest administers dental benefits for about 35 million people across the United States and operates as a subsidiary of Sun Life. The scale of the incident therefore raises concerns for a broad base of patients, providers and employers who rely on its services. Although the firm maintains that core systems remain operational, the exposure of personal and health data heightens the risk of identity theft and fraud.
Individuals whose data appeared in the leak should monitor their financial accounts for unusual activity and consider placing fraud alerts with credit bureaus. They should also be wary of phishing attempts that reference the breach or use leaked personal details to appear credible. Organisations that share data with DentaQuest are advised to review access logs, enforce multi‑factor authentication on privileged accounts and rotate any credentials that may have been exposed. Regular credential hygiene and network segmentation can limit the value of any stolen information to attackers.
DentaQuest said it is working with external cybersecurity experts and law‑enforcement investigators to determine the full scope of the incident and to harden its environment. While the company states its core systems remain operational, affected users are encouraged to follow the guidance issued in the official security update. Continuous monitoring of third‑party risk and timely patch management remain essential defenses against similar extortion campaigns.