DentaQuest ShinyHunters data breach exposes 2.6 million accounts (2026)

On 2 June 2026, DentaQuest — one of the largest dental benefits administrators in the United States and part of Sun Life — confirmed that its networks had been breached, after the extortion group ShinyHunters added the company to its data-leak site and claimed to have stolen more than 234 GB of data. According to the threat actor, the cache covers roughly 2.6 million accounts.

What happened

ShinyHunters listed DentaQuest on its leak site and, following what it described as a failure to reach an agreement with the company, publicly released the stolen data. DentaQuest acknowledged the intrusion on its website, saying the incident caused only "limited disruption" to customer service while an investigation continued.

The exposed information reportedly included names, dates of birth, email addresses, genders, government-issued IDs, phone numbers, postal addresses, and health-insurance details — a combination well suited to identity theft and targeted fraud.

Why it matters

DentaQuest administers dental insurance plans and provider networks for Medicaid programmes, Medicare Advantage plans, employers, and individuals, and says it serves tens of millions of customers across the United States. A breach of this scale concentrates sensitive identity and health-coverage data on a population that is disproportionately reliant on public health programmes, and adds DentaQuest to the long roster of organisations extorted by ShinyHunters in 2026.

Sources

bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/dentaquest-data-breach-exposed-info-of-26-million-accounts/

securityweek.comhttps://www.securityweek.com/hackers-leak-dentaquest-information-impacting-2-6-million/

techradar.comhttps://www.techradar.com/pro/security/2-6-million-dentaquest-accounts-exposed-by-data-breach-shinyhunters-claim-234gb-of-data-stolen

scworld.comhttps://www.scworld.com/brief/dentaquest-data-breach-exposes-sensitive-information-of-2-6-million-accounts

Related incidents

Data breachOngoingJune 7, 2026

Baker Distributing ShinyHunters Salesforce data-extortion leak (2026)

After negotiations stalled, the ShinyHunters extortion crew published data it claimed to have stolen from Baker Distributing's Salesforce and SharePoint systems, exposing more than 100,000 customer email addresses and contact records.

Victim: Baker Distributing Company
Records: 102.9K

Data breachRansom paidMay 1, 2026

Instructure Canvas LMS ShinyHunters breach (2026)

ShinyHunters exploited Canvas's Free-For-Teacher account programme to exfiltrate 3.65 TB of data spanning approximately 275 million users across nearly 9,000 schools — names, email addresses, student IDs, and some private messages between students and teachers. Instructure reportedly paid the ransom and the data was destroyed.

Victim: Instructure (Canvas LMS)
Loss: $10.0M
Records: 275.0M

Data breachOngoingJune 11, 2026

University of Nottingham student-records breach claimed by ShinyHunters (2026)

The University of Nottingham confirmed a cyber incident after the ShinyHunters extortion group claimed to have stolen around 40 GB of data from its student-records system, exposing roughly 455,000 email addresses along with names, passport numbers, and fee-payment details.

Victim: University of Nottingham
Records: 455.0K

Credential stuffingContainedMay 30, 2024

Snowflake customer-account credential-stuffing campaign (UNC5537, 2024)

A threat cluster tracked as UNC5537 / ShinyHunters used credentials harvested by infostealer malware to log into ~160 Snowflake customer tenants that lacked MFA. Victims included AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. Ticketmaster alone exposed data for ~560 million users.

Victim: Snowflake customer tenants (~160 organisations: AT&T, Ticketmaster, Santander, LendingTree, Advance Auto Parts, Neiman Marcus, Bausch Health, et al.)
Records: 560.0M