The ShinyHunters extortion group has published over 230 gigabytes of data allegedly stolen from dental benefits administrator DentaQuest.
The threat actor listed DentaQuest on its Tor-based leak site last month, claiming negotiations with the company failed, and leaking a 234 GB archive containing allegedly stolen data.
According to data breach notification website HaveIBeenPwned, which added the information to its database, the leak impacts roughly 2.6 million accounts.
The dataset includes names, addresses, email addresses, phone numbers, dates of birth, government-issued IDs, and health insurance information.
This week, DentaQuest confirmed falling victim to a cyberattack, saying it was working with external cybersecurity experts to determine the scope of the incident and what data might have been compromised.
“DentaQuest is actively managing a cybersecurity incident involving unauthorized access to a limited portion of our network. Upon discovery of the initial incident, we took immediate action to secure our environment, contain the attack and mitigate the threat,” the company said.
The benefits administrator said it has notified the relevant authorities of the attack, but did not share details on how the incident occurred or who was behind it.
SecurityWeek has emailed DentaQuest for additional information on the attack and will update this article if the company responds.
A Sun Life subsidiary, DentaQuest is one of the largest administrators of dental benefits in the US, serving 35 million people in 50 states.
Related: Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
Related: IMA Diligence Services Data Breach Impacts 525,000 People
Related: Charter Communications Data Breach Could Impact Nearly 5 Million
Related: California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
