CRITICAL | 2026-05-23 | via haveibeenpwned

🚨 DentaQuest Breach — 2.6M Accounts Exposed

DentaQuest suffered a data breach affecting 2.6M accounts. Here's what happened, what data was exposed, and what you should do right now.

Accounts: 2,553,599 | Severity: CRITICAL | Data types: 8

What Happened

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.

Impact

  • Affected accounts: 2.6M
  • Data exposed: Dates of birth, Email addresses, Genders, Government issued IDs, Health insurance information, Names, Phone numbers, Physical addresses
  • Severity: CRITICAL
  • Source: [haveibeenpwned](https://haveibeenpwned.com/PwnedWebsites#DentaQuest)

What You Should Do

If you have an account with DentaQuest, take these steps immediately:

  • **Change your password** — Use a unique, strong password (16+ chars with mixed case, numbers, symbols)
  • **Enable 2FA** — Turn on two-factor authentication if available
  • **Check your email** — Search for breach notifications from DentaQuest
  • **Monitor your accounts** — Watch for unauthorized access on any service where you reused the same password
  • **Scan your site** — If you run a website, [run a free ScanMyVibe scan](https://scanmyvibe.co/scan) to check if your own security headers and configurations protect against common attack vectors

Is Your Website Secure?

Data breaches often exploit weak security configurations — missing Content-Security-Policy headers, misconfigured CORS, exposed API keys. These are exactly the issues ScanMyVibe detects in under 30 seconds.

[Scan your site free →](https://scanmyvibe.co/scan)

Timeline

  • 2026-05-23 — Breach reported
  • 2026-05-23 — ScanMyVibe breach alert published
  • Ongoing — Investigation in progress

This article is auto-generated by ScanMyVibe's breach monitoring system. Sources are verified but details may evolve as investigations progress. Last updated: 2026-06-03.
