Data Breach

DentaQuest Data Breach May 2026 - What Was Exposed and What To Do

2,553,599 records exposed

The DentaQuest data breach exposed 2,553,599 records including Dates of birth, Email addresses, Genders, Government issued IDs, Health insurance information, Names, Phone numbers, Physical addresses. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.

What Happened

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Breach date
2026-05-23
Records affected
2,553,599
Verified
Yes
Domain
dentaquest.com

What Was Exposed

The following data types were included in the breach:

  • Dates of birth
  • Email addresses
  • Genders
  • Government issued IDs
  • Health insurance information
  • Names
  • Phone numbers
  • Physical addresses

What You Should Do

If you had an account with DentaQuest, take these steps immediately:

  1. Check if your account was affected at HaveIBeenPwned.com
  2. Watch for phishing emails that reference the breach or impersonate the affected company
  3. Place a fraud alert or credit freeze with all three credit bureaus (Equifax, Experian, TransUnion)
  4. Monitor your credit report for unauthorized accounts or inquiries
  5. Be alert for social engineering attempts using your exposed personal information
  6. Enable two-factor authentication on the affected service if available
  7. Consider using a password manager to generate unique passwords for each service

FAQ

Was my data in the DentaQuest breach?
Check HaveIBeenPwned.com to see if your email address was included in the DentaQuest breach. The breach exposed 2,553,599 records containing Dates of birth, Email addresses, Genders, Government issued IDs, Health insurance information, Names, Phone numbers, Physical addresses.
What should I do if my data was exposed in the DentaQuest breach?
Change your password on the affected service immediately. Enable two-factor authentication. If financial data or government IDs were exposed, place a fraud alert with credit bureaus and monitor your accounts for unauthorized activity.
When did the DentaQuest data breach happen?
The DentaQuest breach occurred on 2026-05-23. It was added to the HaveIBeenPwned database on 2026-06-03. The breach affected 2,553,599 accounts.

Need Incident Response?

Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.

Get Incident Response Help