DentaQuest Breach Exposes Data of 2.6 Million Accounts

A data breach at dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. The security incident came to light last month when the extortion group ShinyHunters listed the company on its data leak site.

ShinyHunters lists DentaQuest and leaks the data. The group claimed to have stolen more than 234 GB of data. Following what the threat actor describes as a failure to reach an agreement with the company, the data was publicly leaked.

DentaQuest confirms the cybersecurity incident. On June 2, DentaQuest confirmed on its website that its networks had been breached and the incident caused “limited disruption” in customer service. “DentaQuest is actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network,” reads the statement. Upon discovery of the initial incident, the company took immediate action to secure its environment, contain the attack, and mitigate the threat.

DentaQuest engaged external experts to help with the investigation and determine the data that was compromised. “Our systems remain fully operational, and we continue to serve our clients with limited disruption.”

DentaQuest's position in the dental benefits market. DentaQuest, part of Sun Life, is one of the largest dental benefits administrators in the United States. It manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers. The company says it serves 35 million customers, operates programs in 50 states, and has a network of 140,000 dentists and dental specialists.

HIBP analysis of the leaked dataset. Have I Been Pwned analyzed the leaked information and found that it contained records for 2.6 million accounts. The exposed data includes email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth. Although DentaQuest’s statement did not confirm that the data breach affected its clients, HIBP validated the leaked datasets using multiple verification methods.

Overlap with earlier breaches and victim guidance. HIBP also stated that roughly 66% of the exposed records were present in its database from past incidents affecting other organizations and services. People who may have had their information exposed in this incident should be cautious about all incoming communications. The leaked data increases the risk of social engineering and phishing attacks.