DentaQuest just exposed 2.6M people's healthcare data — is your password in the breach?
Breaking: roughly 2.6 million DentaQuest members' records are now public. Here's what leaked, what didn't, and how to protect your accounts fast.
By SafePass.pro Team · Published · Updated · 5 min read
On June 3, 2026, the dental benefits administrator DentaQuest was added to Have I Been Pwned after the records of roughly 2.6 million people were leaked online. The exposed data includes names, contact details, dates of birth, government-issued IDs, and health insurance information — and for some records, Medicaid IDs. The leak did not include account passwords, but if your email is in it, you're now a prime target for phishing and credential-stuffing. The fastest way to protect yourself is to replace any reused passwords with fresh, unique ones.
What happened in the DentaQuest data breach?
DentaQuest, one of the largest U.S. dental benefits administrators and part of Sun Life, was hit by a "pay or leak" extortion campaign from the group ShinyHunters in May 2026. After negotiations reportedly failed, the attackers published roughly 234 GB of stolen data.
Have I Been Pwned analyzed the dataset and listed the breach on June 3, 2026, confirming about 2.6 million unique email addresses alongside names, addresses, phone numbers, dates of birth, genders, government-issued IDs, and health insurance information. Much of it came from healthcare enrollment files, some containing Medicaid IDs.
DentaQuest has acknowledged "unauthorized access to a limited portion" of its network and says it contained the incident.
Was my password exposed in the DentaQuest breach?
Almost certainly not directly — the published DentaQuest data exposed identity and healthcare information, not account passwords. The real danger is what attackers do with your leaked email address next.
Tellingly, Have I Been Pwned found that about 66% of the DentaQuest records had already appeared in earlier breaches. That overlap is a reminder of how widely the same email addresses — and the passwords people reuse with them — already circulate among attackers.
Why are healthcare data breaches especially dangerous?
Because the data is permanent and uniquely valuable. You can cancel a credit card, but you can't change your date of birth, medical history, or Medicaid ID.
- It can't be reset. Identity and health details stay valid for years, fueling fraud long after the breach.
- It powers convincing phishing. Attackers who know your insurer and personal details can craft messages you're far more likely to trust.
- It enables medical and insurance fraud. Government-issued and Medicaid IDs can be abused to file fraudulent claims.
- It chains into your other accounts. If you reused your email's password elsewhere, one leak becomes a key to your inbox, bank, and shopping accounts.
How does password reuse turn one breach into many?
Through an automated attack called credential stuffing. When one site is breached, attackers take the leaked email-and-password pairs and try them on hundreds of other services, betting that people reuse the same password.
The 66% of DentaQuest records already seen in prior breaches shows how effective this is — the same identities resurface again and again. Verizon's Data Breach Investigations Report consistently finds stolen credentials among the most common ways attackers get in.
How do I check whether my passwords are compromised?
Assume any password you've reused or kept for years is already exposed, and replace it. SafePass.pro makes the replacement safe automatically: every password it generates is checked against Have I Been Pwned's Pwned Passwords database using k-anonymity, so you instantly know your new password has never appeared in a known breach.
K-anonymity means your password never leaves your device in readable form — only a short, hashed prefix is sent, and the final matching happens locally. You can read exactly how this works in our how-it-works guide.
What should I do right now if you might be affected?
Take these steps in order — they take only a few minutes:
- Generate a fresh, unique password for your important accounts at SafePass.pro, and never reuse it.
- Replace reused passwords first, starting with email, banking, and your insurance or health portals.
- Turn on two-factor authentication so a stolen password alone can't unlock an account — see our 2FA guide.
- Expect targeted phishing about your dental or health benefits, and learn the warning signs.
- Monitor your accounts and identity, and because government-issued IDs were exposed, watch your statements and consider a credit freeze.
Why is generating a fresh, unique password the fastest fix?
Because a brand-new random password breaks credential-stuffing instantly. It has never appeared in any past breach, it isn't shared with any other account, and SafePass confirms it's clean the moment it's created.
It takes seconds: open SafePass.pro, generate a strong password, watch the breach check pass, and save it in your password manager. Repeat for every account that shared an old password.
Frequently asked questions
Did the DentaQuest breach expose passwords or just personal data?
The leaked dataset contained personal and healthcare data — names, contact details, dates of birth, government-issued IDs, and health insurance information — not account passwords. The main risk is targeted phishing and credential-stuffing against your exposed email address.
How do I know if I was affected by the DentaQuest breach?
Enter your email address at Have I Been Pwned to see whether it appears in the DentaQuest breach or other incidents. Have I Been Pwned added the DentaQuest breach on June 3, 2026.
Does SafePass store or send the passwords I generate?
No. Passwords are generated locally in your browser and are never stored on our servers. Breach checks use k-anonymity, so only a short hashed prefix is sent to Have I Been Pwned — never your full password.
I reused one password across several sites — what should I do?
Change it everywhere it was used, starting with email and financial accounts, and give each account its own unique password. A password manager makes keeping them all unique practical.