
DentaQuest — ShinyHunters leak-site listing, US dental insurer

ShinyHunters listed US dental-insurance provider DentaQuest on its leak site, claiming 744 user records and threatening publication after the extortion deadline lapsed.

Target: DentaQuest — ShinyHunters leak-site listing, US dental insurer
Date public: 28 May 2026
Sector: Healthcare
Attack type: Data Breach
Threat actor: ShinyHunters
Severity: Medium
Region: United States

On 23 May 2026 the ShinyHunters extortion crew added DentaQuest to its dark-web leak portal, claiming to have exfiltrated data on 744 users from the US dental and vision insurance provider. A 27 May deadline was attached to the listing. The deadline passed without confirmed engagement, and on 28 May threat-intelligence trackers logged the listing escalating from pre-extortion to leak-imminent status.

DentaQuest is a subsidiary of Sun Life US Dental and one of the largest Medicaid-aligned dental benefits administrators in the United States, with tens of millions of members served through state programmes and commercial plans. Reporting on the breach is divided: some outlets state DentaQuest confirmed unauthorised access via a notice posted to its corporate website; others state neither DentaQuest nor Sun Life US Dental has formally acknowledged the incident. As of publication no Form 8-K, US Department of Health and Human Services Office for Civil Rights breach-portal entry, or state attorney-general filing is publicly visible against the breach.

The claimed scope — 744 records — is a fraction of what ShinyHunters has dumped in its 2026 campaign against Pitney Bowes, Carnival, Medtronic, 7-Eleven, Cushman & Wakefield, Charter, Vimeo and Instructure. That figure is more likely the leak-site teaser than the full taxonomy. The intrusion vector has not been described publicly. The wider ShinyHunters cluster has, across spring 2026, leaned on phishing-compromised employee email accounts pivoting into Salesforce or other SaaS data stores; whether DentaQuest fits that pattern or sits closer to a direct corporate-network compromise is not yet established.

A deep-dive will follow once the data taxonomy, US healthcare-regulator disclosure, parent-company position and any independent reporting on the intrusion route become publicly documented.
