ShinyHunters Leak 234 GB of DentaQuest Data Exposing 2.6 M Individuals
What Happened — ShinyHunters extortion group published a 234 GB archive allegedly stolen from dental‑benefits administrator DentaQuest after ransom negotiations collapsed. The dump contains personal and health‑enrollment records for roughly 2.6 million individuals.
Why It Matters for TPRM —
- Massive exposure of PHI and PII creates compliance, reputational, and financial liability for any downstream partners that consume DentaQuest data.
- The incident underscores the importance of continuous security assessments, breach‑response clauses, and data‑minimisation in third‑party contracts.
Who Is Affected — Dental‑benefits administrators, health‑plan sponsors, insurers, payroll/HR platforms that exchange enrollment data, and any organization that integrates with DentaQuest’s APIs.
Recommended Actions — Review contractual security and data‑protection clauses with DentaQuest, request evidence of post‑incident remediation, validate that your own environment does not retain any of the exposed data sets, and update incident‑response playbooks to include extortion‑type threats.
Technical Notes — Attack vector not disclosed; leaked data includes email addresses, names, phone numbers, mailing addresses, Medicaid IDs, and ASC X12 enrollment transaction files. No specific vulnerability or CVE was identified. Source: Security Affairs