DentaQuest data breach exposed info of 2.6 million accounts
Source: Bleeping Computer
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts.
The security incident came to light last month when the extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of data. After the threat actor said it failed to reach an agreement with the company, the data was publicly leaked.
Source: BleepingComputer
Company background
DentaQuest, part of Sun Life, is one of the largest dental benefits administrators in the United States. It manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers.
- Serves 35 million customers
- Operates programs in all 50 states
- Network of 140,000 dentists and dental specialists
Incident confirmation
On June 2, DentaQuest confirmed on its website that its networks had been breached, causing “limited disruption” in customer service.
“DentaQuest is actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network,” the statement reads.
“Upon discovery of the initial incident, we took immediate action to secure our environment, contain the attack, and mitigate the threat. Our systems remain fully operational, and we continue to serve our clients with limited disruption.”
The firm also said it engaged external experts to investigate and determine the compromised data.
Data exposed
Have I Been Pwned (HIBP) analyzed the leaked information and found records for 2.6 million accounts. The exposed data includes:
- Email addresses
- Full names
- Phone numbers
- Government‑issued IDs
- Health insurance information
- Genders
- Dates of birth
HIBP noted that roughly 66 % of the exposed records were already present in its database from past incidents affecting other organizations and services.
Recommendations
Individuals whose information may have been exposed should be cautious about all incoming communications, as the leaked data increases the risk of social engineering and phishing attacks.