HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

ShinyHunters Leak 234 GB of DentaQuest Data Exposing 2.6 M Individuals

ShinyHunters published a 234 GB archive stolen from dental‑benefits administrator DentaQuest, revealing personal and Medicaid‑related records for roughly 2.6 million people. The breach highlights critical third‑party risk for organizations that rely on DentaQuest’s enrollment services.

LiveThreat™ Intelligence · 📅 June 08, 2026· 📰 securityaffairs.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

ShinyHunters Leak 234 GB of DentaQuest Data Exposing 2.6 M Individuals

What Happened — ShinyHunters extortion group published a 234 GB archive allegedly stolen from dental‑benefits administrator DentaQuest after ransom negotiations collapsed. The dump contains personal and health‑enrollment records for roughly 2.6 million individuals.

Why It Matters for TPRM

  • Massive exposure of PHI and PII creates compliance, reputational, and financial liability for any downstream partners that consume DentaQuest data.
  • The incident underscores the importance of continuous security assessments, breach‑response clauses, and data‑minimisation in third‑party contracts.

Who Is Affected — Dental‑benefits administrators, health‑plan sponsors, insurers, payroll/HR platforms that exchange enrollment data, and any organization that integrates with DentaQuest’s APIs.

Recommended Actions — Review contractual security and data‑protection clauses with DentaQuest, request evidence of post‑incident remediation, validate that your own environment does not retain any of the exposed data sets, and update incident‑response playbooks to include extortion‑type threats.

Technical Notes — Attack vector not disclosed; leaked data includes email addresses, names, phone numbers, mailing addresses, Medicaid IDs, and ASC X12 enrollment transaction files. No specific vulnerability or CVE was identified. Source: Security Affairs

📰 Original Source
https://securityaffairs.com/193274/data-breach/dentaquest-breach-shinyhunters-publish-data-impacting-2-6m-people.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →