Dental benefits administrator DentaQuest is facing scrutiny following reports that information belonging to approximately 2.6 million accounts was exposed in a data breach disclosed in recent weeks. The incident emerged after data linked to the company appeared online and was subsequently analyzed by data breach tracking services.
According to reporting on the incident, the cybercrime group ShinyHunters claimed responsibility for breaching DentaQuest and listed the organization on its leak site in May. The group alleged it had obtained more than 234 GB of data from the company. The claim was made by the threat actor and was not presented as independently verified fact.
The scale of the exposure became clearer after the dataset was reviewed and added to the HaveIBeenPwned breach notification service. The service reported that 2.6 million accounts were affected and stated that the exposed information included names, email addresses, physical addresses, phone numbers, dates of birth, gender information, government-issued identifiers, and health insurance-related data.
HaveIBeenPwned listed the breach as having occurred in May 2026 and added it to its database on June 3. The service said the information had been incorporated into its searchable breach repository, allowing users to determine whether their email addresses appeared in the exposed data.
DentaQuest acknowledged a cybersecurity incident in a statement referenced by multiple reports. According to that statement, the company opened an investigation into unauthorized access involving a portion of its network. The company indicated that its review of the incident was ongoing and that affected individuals were expected to receive notification if their information was determined to have been involved.
The incident first gained public attention when ShinyHunters published claims regarding the breach on its leak site. At the time, the group threatened to release the allegedly stolen information. Reports published in late May noted that limited details were available regarding the scope of the intrusion and the specific records involved.
Separate reporting from HaveIBeenPwned later stated that 2.6 million unique email addresses were included in the exposed dataset and that the records contained a range of personal and insurance-related information.