DentaQuest Data Breach Exposes Millions of Individuals' Personal and Health Information
Dental benefits administrator DentaQuest confirmed a cyberattack that resulted in the leak of 234 GB of data, impacting approximately 2.6 million individuals.
The extortion group ShinyHunters has published a massive archive of data, reportedly stolen from DentaQuest, a prominent dental benefits administrator in the United States. The leaked data, totaling approximately 234 gigabytes, contains sensitive personal and health information belonging to an estimated 2.6 million individuals.
ShinyHunters had previously listed DentaQuest on its Tor-based leak site, claiming that negotiations with the company had failed, which led to the public release of the stolen data. The group is known for its tactic of exfiltrating sensitive information and then threatening to publish it unless a ransom is paid.
Data breach notification service HaveIBeenPwned confirmed the inclusion of this data in its database, detailing the extensive nature of the compromised information. The leaked dataset includes a wide array of personally identifiable information (PII) and protected health information (PHI), such as names, addresses, email addresses, phone numbers, dates of birth, government-issued identification numbers, and health insurance details.
In response to the incident, DentaQuest issued a statement confirming it had fallen victim to a cybersecurity incident involving unauthorized access to a portion of its network. The company stated it took immediate steps to secure its environment, contain the attack, and mitigate the threat upon discovery. DentaQuest also indicated it has notified relevant authorities about the attack.
However, DentaQuest has not yet disclosed the specific method of the attack or attributed it to any particular threat actor. The company is reportedly working with external cybersecurity experts to fully assess the scope of the incident and determine the exact nature of the data that may have been compromised. SecurityWeek has reached out to DentaQuest for further details and will provide updates as they become available.
DentaQuest, a subsidiary of Sun Life, is one of the largest administrators of dental benefits in the U.S., serving an estimated 35 million individuals across all 50 states. The scale of this breach underscores the significant risks faced by healthcare and benefits administrators, which often hold vast amounts of sensitive data.
This incident highlights the persistent threat of data exfiltration and extortion campaigns targeting organizations that manage large volumes of personal and financial information. The publication of such data can lead to identity theft, financial fraud, and significant reputational damage for the affected companies, alongside severe privacy violations for the individuals whose data is exposed.