What to Do After the DentaQuest Data Breach

In May 2026, dental benefits administrator DentaQuest suffered a major data breach that exposed the personal and health information of approximately 2.6 million individuals. The ShinyHunters hacking group claimed responsibility, leaking over 234 GB of sensitive data after the company declined to pay a ransom. If you or your family members have dental insurance through DentaQuest, here is what you need to know and do.

What Happened?

The DentaQuest breach was confirmed on June 2, 2026, after the ShinyHunters extortion group publicly leaked data they claimed to have stolen from the company. ShinyHunters — the same group behind the McGraw Hill, Charter Communications, and Instructure breaches in 2026 — had demanded a ransom from DentaQuest. When negotiations failed, the data was published on a dark web leak site.

DentaQuest is one of the largest dental benefits administrators in the United States, managing dental plans for Medicaid, CHIP (Children's Health Insurance Program), and commercial insurance programs across multiple states. The breadth of their operations means this breach potentially affects a diverse population including children, low-income families, and individuals covered by employer-sponsored dental plans.

What Information Was Exposed?

The breach exposed both personally identifiable information (PII) and protected health information (PHI), including:

• Full names
• Dates of birth
• Email addresses
• Phone numbers
• Home addresses
• Gender
• Government-issued IDs (such as driver's license numbers)
• Health insurance information
• Medicaid IDs

How to Check if You Were Affected

1. Watch for notification letters: DentaQuest is required under HIPAA to notify affected individuals. Watch your mail and email for breach notification communications from the company.
2. Contact DentaQuest directly: If you are a current or former DentaQuest member and have not received a notification, contact their customer service to ask whether your data was included.
3. Check Have I Been Pwned: Visit haveibeenpwned.com and enter your email addresses to check if they appear in the leaked data.
4. Review your dental plan statements: Log into your dental insurance portal and check for any unfamiliar claims, providers, or changes to your account.

Steps to Protect Yourself

1. Place a Fraud Alert or Credit Freeze

Since government-issued IDs were exposed in this breach, identity theft is a significant risk. Take immediate action:

• Credit freeze: Place a freeze at Equifax, Experian, and TransUnion. This is free and prevents anyone from opening new credit accounts in your name.
• Fraud alert: If you do not want a full freeze, place a fraud alert with one of the three bureaus (it will automatically apply to all three). This requires creditors to take extra steps to verify your identity before issuing credit.

2. Monitor for Medical Identity Theft

With health insurance information and Medicaid IDs exposed, be vigilant about medical identity theft:

• Review all Explanation of Benefits (EOB) statements from your insurance provider
• Look for claims for services you did not receive
• Check for providers you have never visited
• Contact your insurance company immediately if you spot any unfamiliar activity

3. Change Your Passwords

Update passwords on your DentaQuest account, dental insurance portal, and any other accounts where you used the same email and password combination. Use a unique, strong password for each account.

4. Enable Two-Factor Authentication

Activate 2FA on your email accounts, banking apps, insurance portals, and any other sensitive services. This adds a critical second layer of defense.

5. Watch for Targeted Phishing

With detailed personal and health information in the hands of criminals, expect sophisticated phishing attempts. Be wary of:

• Emails or calls claiming to be from DentaQuest about "account verification"
• Messages about dental insurance changes or enrollment
• Communications referencing Medicaid benefits that ask you to click links or provide additional information
• Any unsolicited contact that references specific details about your dental coverage

6. Request Your Medical Records

Under HIPAA, you have the right to request a full accounting of disclosures from your healthcare providers. This can help you identify any unauthorized access to your medical records or fraudulent claims filed using your identity.

7. File Complaints if Necessary

If you discover that your data has been misused:

• File a complaint with the HHS Office for Civil Rights for HIPAA violations
• Report identity theft to the FTC at IdentityTheft.gov
• File a police report if fraudulent accounts or claims have been opened in your name

The Rise of Healthcare Data Breaches

The DentaQuest breach is part of a larger trend of healthcare data breaches in 2025 and 2026. Healthcare organizations are prime targets because they hold high-value data — names, dates of birth, government IDs, and health information — that sells for a premium on the dark web. Medical records can be worth 10 to 40 times more than credit card numbers on underground marketplaces.

How PrivacyOn Helps After a Breach Like This

PrivacyOn provides multiple layers of protection that are especially valuable after a healthcare data breach:

• Dark web monitoring: We scan dark web marketplaces and forums for your personal data, alerting you when information from breaches like DentaQuest appears for sale
• Data broker removal: We remove your personal information from 100+ people search sites, reducing the data available to identity thieves
• Continuous monitoring: 24/7 scanning means you are alerted quickly when new exposures are detected
• Family protection: Plans cover up to 5 family members — critical when children's data may also be at risk