ShinyHunters Dumps 234 GB From DentaQuest, Exposing PII/PHI of ~2.6 Million in 'Pay-or-Leak' Extortion
The extortion group ShinyHunters published approximately 234 GB of data stolen from dental-benefits administrator DentaQuest, a subsidiary of Sun Life Financial, in a 'pay-or-leak' scheme, impacting roughly 2.6 million i.
VERDICT — CONFIRMED

The extortion group ShinyHunters published approximately 234 GB of data stolen from dental-benefits administrator DentaQuest, a subsidiary of Sun Life Financial, in a 'pay-or-leak' scheme, impacting roughly 2.6 million individuals. ShinyHunters posted DentaQuest to its Tor leak site in May 2026 and released the data after negotiations reportedly failed. The compromised information includes about 2.6 million email addresses along with names, phone numbers and residential addresses, plus healthcare-related records—some containing Medicaid identification numbers—and member-enrollment files in ASC X12 transaction-set format, indicating exposure of both PII and protected health information (PHI).
DentaQuest manages dental and vision benefits for approximately 32 million Americans across Medicaid, CHIP, Medicare Advantage and commercial programs. The company confirmed unauthorized network access but said its systems remain fully operational with minimal service disruption, and that it is working with law enforcement and cybersecurity experts. The breach extends ShinyHunters' May-June 2026 extortion wave into the healthcare sector and raises HIPAA and identity-theft concerns given the Medicaid identifiers and treatment-adjacent records involved.
As with other recent ShinyHunters cases, the group used data publication—rather than encryption—as leverage, consistent with its data-theft-and-extortion model.


