DentaQuest said a cybersecurity incident exposed data tied to 2.6 million accounts after a breach at the dental benefits administrator and its parent Sun Life was linked to a leaked dataset posted by ShinyHunters.
KEY FACTS
- Incident DentaQuest said unauthorized access affected a limited portion of its network.
- Scale Have I Been Pwned said the leaked data contained records for 2.6 million accounts.
- Data exposed The dataset included email addresses, names, phone numbers, government-issued IDs and health insurance details.
- Status The company said its systems remained fully operational with limited disruption.
The incident came to light last month when ShinyHunters listed the company on its data leak site and said it had stolen more than 234 GB of data. The group later leaked the information after what it described as a failure to reach an agreement with the company.
On June 2, DentaQuest said it had detected unauthorized access to a limited portion of its network and took immediate steps to secure its environment, contain the attack and mitigate the threat. The company said it engaged external experts to help investigate what data may have been compromised.
Have I Been Pwned, the breach notification service, analyzed the leaked data and said it contained records for 2.6 million accounts. The disclosure said about 66% of the exposed records had appeared in its database from earlier incidents involving other organizations and services.
The exposed records also included genders and dates of birth. People affected by the incident were advised to watch for phishing and other social engineering attempts because the data can help attackers make messages appear more convincing.
WHY IT MATTERS
The breach involves personal and health-related information that can be used for identity theft or targeted scams. Even where some records overlap with past incidents, the combination of exposed data can increase the risk to people whose information appeared in the leak.