THU 02 JUL 2026 · GMT EDITION A WHITESTONE INTELLIGENCE PUBLICATION
MARKETS · CYBER · MEMOS · MODELS
DAILY ISSUES26 MAY27 MAY28 MAY29 MAY30 MAY31 MAY01 JUN02 JUN03 JUN04 JUN05 JUN06 JUN07 JUN08 JUN09 JUN10 JUN11 JUN12 JUN13 JUN14 JUN15 JUN16 JUN17 JUN18 JUN19 JUN21 JUN22 JUN23 JUN24 JUN25 JUN26 JUN27 JUN28 JUN29 JUN30 JUN01 JUN02 JUNALL ›
FRONT PAGE / CYBER / CYB-30D-009
CYBER · cves zero days · 2026-06-07SCOOP 64

ShinyHunters Dumps 234 GB From DentaQuest, Exposing PII/PHI of ~2.6 Million in 'Pay-or-Leak' Extortion

The extortion group ShinyHunters published approximately 234 GB of data stolen from dental-benefits administrator DentaQuest, a subsidiary of Sun Life Financial, in a 'pay-or-leak' scheme, impacting roughly 2.6 million i.

·FILED ISSUE 2026-06-07·1 MIN READ·RE-VERIFIED 2026-07-02 UTC·✓ RE-VERIFIED 2026-07-02

VERDICT — CONFIRMED

QA-reviewed confidence · primary + corroborating sources verified · re-verified 2026-07-02 UTC
ShinyHunters Dumps 234 GB From DentaQuest, Exposing PII/PHI of ~2.6 Million in 'Pay-or-Lea
Security Affairs

The extortion group ShinyHunters published approximately 234 GB of data stolen from dental-benefits administrator DentaQuest, a subsidiary of Sun Life Financial, in a 'pay-or-leak' scheme, impacting roughly 2.6 million individuals. ShinyHunters posted DentaQuest to its Tor leak site in May 2026 and released the data after negotiations reportedly failed. The compromised information includes about 2.6 million email addresses along with names, phone numbers and residential addresses, plus healthcare-related records—some containing Medicaid identification numbers—and member-enrollment files in ASC X12 transaction-set format, indicating exposure of both PII and protected health information (PHI).

DentaQuest manages dental and vision benefits for approximately 32 million Americans across Medicaid, CHIP, Medicare Advantage and commercial programs. The company confirmed unauthorized network access but said its systems remain fully operational with minimal service disruption, and that it is working with law enforcement and cybersecurity experts. The breach extends ShinyHunters' May-June 2026 extortion wave into the healthcare sector and raises HIPAA and identity-theft concerns given the Medicaid identifiers and treatment-adjacent records involved.

As with other recent ShinyHunters cases, the group used data publication—rather than encryption—as leverage, consistent with its data-theft-and-extortion model.

Share
Filed by the Cyber desk · verified by the verification desk · re-verified 2026-07-02 · Our standards: the two-source rule ›
CITE THIS FILE — The Dossier Wire · cyb-30d-009 · filed 2026-06-07 · https://thedwire.com/wire/cyb-30d-009-shinyhunters-dumps-234-gb-from-dentaquest-exposing-pii-phi.html · Primary and corroborating sources listed above; archived at publication. Republishing & licensing: hello@thedwire.com.
More from Cyber FULL DESK ›
CISA orders agencies to patch SolarWinds Serv-U flaw being exploited to crash fi
Cybersecurity News
CYBER · SCOOP 56

CISA orders agencies to patch SolarWinds Serv-U flaw being exploited to crash file-transfer servers

CISA added CVE-2026-28318, a SolarWinds Serv-U denial-of-service flaw under active exploitation, to its Known Exploited Vulnerabilities catalog late Friday, ordering federal civilian agencies to remediate by June 19 under Binding Operational Directive 22-01 as coverage spread through the weekend. The uncontrolled resource consumption bug

✓ verifiednewSOURCE ↗
READ THE FILE ›
Cisco discloses 7th SD-WAN zero-day of 2026 (CVE-2026-20245) exploited for root
CYBER · SCOOP 82

Cisco discloses 7th SD-WAN zero-day of 2026 (CVE-2026-20245) exploited for root on Catalyst SD-WAN Manager; no patch

Cisco disclosed CVE-2026-20245 on June 5, 2026, a privilege-escalation/command-injection zero-day in the command-line interface of Cisco Catalyst SD-WAN Manager, the seventh SD-WAN zero-day Cisco has confirmed exploited in 2026. The flaw stems from insufficient validation of user-supplied input: an authenticated attacker holding 'netadmin

✓ verifiedSOURCE ↗
READ THE FILE ›
May 2026 ransomware leak-site data: 661 attacks, ~115TB stolen; Qilin (97), The
CYBER · SCOOP 68

May 2026 ransomware leak-site data: 661 attacks, ~115TB stolen; Qilin (97), The Gentlemen (71), DragonForce (51) lead

Ransomware leak-site activity rose modestly in May 2026, with 661 incidents tracked globally (Comparitech data via Industrial Cyber), a 3% increase over April's 640, and nearly 115 TB of data claimed stolen across reported attacks. Qilin remained the most active operation with 97 claimed attacks, though down about 10% from April's 108; Th

✓ verifiedSOURCE ↗
READ THE FILE ›

The morning wire in your inbox — every brief, primary sources linked, no noise.

Free tier. The Wire — continuous desk briefs · Records archive · Bureau alerts.

Stored to the wire's subscriber list. No spam, unsubscribe any time.