DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

DentaQuest Data Breach Analysis: ShinyHunters Leak Exposes PII and PHI of 2.6 Million Members in 2026 – Rescana

https://www.rescana.com/post/dentaquest-data-breach-analysis-shinyhunters-leak-exposes-pii-and-phi-of-2-6-million-members-in-2026

Publish Date: 2026-06-07 04:09:00

Source Domain: www.rescana.com

Executive Summary

In May 2026, DentaQuest, a leading dental and vision benefits administrator serving Medicaid, Medicare Advantage, employers, health plans, and individual customers across all 50 states, experienced a significant data breach. The cybercriminal group ShinyHunters claimed responsibility for the attack, which resulted in the exfiltration and subsequent public leak of over 234 gigabytes of sensitive data. This breach impacted approximately 2.6 million individuals, exposing personally identifiable information (PII) and protected health information (PHI) such as names, dates of birth, email addresses, phone numbers, home addresses, genders, government-issued IDs, health insurance information, and Medicaid IDs. The incident was confirmed by DentaQuest on June 2, 2026, and has since been independently verified by multiple cybersecurity sources. The breach has raised concerns regarding regulatory compliance, particularly due to delayed notification to the U.S. Department of Health and Human Services and state attorney general offices. The exposed data significantly increases the risk of identity theft, fraud, and targeted phishing attacks for affected individuals. This report provides a comprehensive technical analysis of the incident, the tactics used by the threat actor, and actionable recommendations for mitigation and response. Sources: PR Newswire, Have I Been Pwned, BleepingComputer