June 2026 — DentaQuest, a major U.S. dental benefits administrator, has confirmed a data breach that exposed the personal information of around 2.6 million people, according to reports.
The incident was linked to the cybercrime group ShinyHunters, which claimed it stole around 234GB of data and leaked it online after ransom negotiations reportedly failed. The exposed data reportedly includes names, email addresses, phone numbers, government-issued ID information, health insurance details, gender, and dates of birth.
DentaQuest said it responded quickly to secure its systems and reduce disruption. The company also involved law enforcement and third-party cybersecurity experts to investigate and respond to the incident. Regular services were reported to be operating normally.
The breach is especially concerning because it involves health and insurance-related information. Unlike a password, personal details such as date of birth, ID information, and insurance data cannot simply be changed. This type of data may be used in identity theft, fraud attempts, phishing messages, or targeted scams.
The incident also highlights the continued risk facing healthcare and insurance-related organizations. These sectors often store large amounts of sensitive personal data, making them attractive targets for cybercriminal groups.
For affected individuals, the main advice is to watch for suspicious emails, calls, or messages claiming to be from insurance providers, healthcare companies, or support teams. Users should avoid clicking links in unexpected messages, verify requests through official channels, and monitor accounts for unusual activity.
The DentaQuest incident is another reminder that data protection is not only a technical issue. Organizations that store sensitive personal information must maintain strong security controls, monitor for unauthorized access, and respond quickly when incidents happen.