DentaQuest data breach affects 2.6 million accounts
▼ Summary
– A data breach at DentaQuest exposed sensitive data of 2.6 million accounts, with the extortion group ShinyHunters publicly leaking the data after failing to reach an agreement with the company.
– DentaQuest is a major U.S. dental benefits administrator serving 35 million customers, part of Sun Life, and confirmed the breach on June 2, stating it caused limited disruption.
– The company took immediate action to secure its environment and engaged external experts to investigate the compromised data.
– Leaked data includes email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth.
– Have I Been Pwned found that roughly 66% of exposed records were from past incidents, and the leaked data increases the risk of social engineering and phishing attacks.
A massive data breach at DentaQuest, a major U.S. dental benefits administrator, has compromised the sensitive personal information of approximately 2.6 million accounts. The incident, attributed to the notorious extortion group ShinyHunters, was publicly disclosed after negotiations between the company and the hackers reportedly fell through.
The breach first came to light last month when ShinyHunters posted the company on its data leak site, claiming to have stolen over 234 GB of data. The group stated that after failing to reach an agreement with DentaQuest, it proceeded to leak the stolen files publicly.
DentaQuest, a subsidiary of Sun Life, is one of the largest dental benefits administrators in the United States. The company manages dental insurance plans and provider networks for Medicaid programs, Medicare Advantage plans, employers, health plans, and individual customers. It serves roughly 35 million customers across all 50 states and maintains a network of 140,000 dentists and dental specialists.
On June 2, DentaQuest confirmed the breach on its website, describing it as a cybersecurity incident involving unauthorized access to a limited portion of its network. The company stated that it took immediate action to secure its environment, contain the attack, and mitigate the threat. It also noted that its systems remained fully operational and that customer service experienced only limited disruption. External experts were brought in to assist with the investigation and to determine the scope of the data compromised.
The full extent of the exposure became clearer when Have I Been Pwned (HIBP) analyzed the leaked dataset. The alerting service found that the breach exposed records for 2.6 million accounts, including email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth. While DentaQuest’s statement did not explicitly confirm that client data was affected, HIBP is known for its rigorous verification methods. The service also noted that roughly 66% of the exposed records were already present in its database from past incidents involving other organizations.
Individuals whose information may have been exposed in this breach should remain vigilant. The leaked data significantly increases the risk of social engineering and phishing attacks, as cybercriminals can use the stolen details to craft convincing fraudulent communications.
(Source: BleepingComputer)
