Back to Blog
medium severity May 23, 2026 · 2.6M affected

DentaQuest Data Breach (2026)

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity Medium
Disclosed May 23, 2026
Affected 2.6M
Data exposed Dates of birthEmail addressesGendersGovernment issued IDsHealth insurance informationNamesPhone numbersPhysical addresses

On May 23, 2026, dental benefits administrator DentaQuest became the latest victim of the ShinyHunters group, which published hundreds of gigabytes of stolen data after a “pay or leak” extortion attempt. The breach exposed records belonging to 2.6 million people, including names, physical addresses, phone numbers, email addresses, dates of birth, genders, government-issued IDs, Medicaid IDs, and health insurance information.

Confirmed Details of the Incident

Public reporting indicates the attackers gained unauthorized access to DentaQuest systems and exfiltrated large volumes of member data. Much of the information appeared in healthcare enrollment files using ASC X12 transaction sets, with additional records drawn from member databases. DentaQuest later confirmed a cybersecurity incident involving unauthorized access but has not released a full technical timeline.

The exposed dataset contained 2.6 million unique email addresses along with corresponding personal details. Government-issued identifiers and health insurance data were present in multiple file types, increasing the sensitivity of the leak. The group ultimately chose to publish the material publicly after the extortion deadline passed.

Why This Matters for You and Your Family

If you or anyone in your household has ever been covered under a DentaQuest dental plan, your personal information may now be available to identity thieves, scammers, and doxxers. Names, addresses, phone numbers, dates of birth, and government IDs together form the core dataset needed for tax fraud, loan applications in your name, or targeted phishing campaigns.

Health insurance details add another layer of risk. Criminals can use them to file false medical claims, order prescription drugs, or impersonate you when dealing with insurers. Children covered under family plans are not exempt; their dates of birth and Medicaid IDs can be exploited years later when they become adults.

The Doxxing and Identity-Chain Risks

A single breach rarely stays isolated. Once names, emails, and addresses are public, attackers can cross-reference them with usernames found on gaming platforms, social media, and older forum leaks. This creates an identity chain that links your real-world identity to online handles, making doxxing and swatting far easier.

Credential leaks of this kind frequently cascade into account takeovers. A reused password taken from the DentaQuest files can open the door to email, banking, or gaming accounts. When those accounts belong to your children, the consequences range from harassment in games to broader exposure of family photos, school details, and home address.

ShinyHunters’ Public Track Record

Public reporting attributes the DentaQuest campaign to ShinyHunters, a group known for “pay or leak” extortion since at least 2020. The actors have previously targeted organizations in healthcare, education, and technology, often publishing sample data before releasing full archives if ransom demands are ignored.

Their typical playbook begins with initial access through stolen credentials or vulnerabilities, followed by exfiltration of customer or member databases. They then contact the victim with a ransom demand and set a short deadline. When payment is not made, they upload the material to leak sites and advertise it on hacking forums. This pattern has repeated across dozens of incidents documented by researchers.

What to Do

  • Run a DoxxScan to map every link between your emails, phone numbers, addresses, and online handles that may have surfaced in this or earlier breaches.
  • Rotate any password you used for DentaQuest or related health portals anywhere else it is reused, and switch to 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours instead of months.
  • Cover the household with DoxxScan family protection, which includes dependents and children’s gaming accounts that often chain back to the same address or parent email.
  • Let remediation specialists handle takedown requests for any personal records appearing on data broker sites that now hold information stolen from DentaQuest.

The DentaQuest breach is a reminder that healthcare-related data leaks continue to surface long after the initial incident. Taking concrete steps now limits how far criminals can travel down the identity chain that begins with this leak. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, with household coverage that explicitly protects children’s gaming accounts alongside adult family members.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.