DentaQuest Data Breach Investigation (2026)

DentaQuest Data Breach Investigation: Confirmed Incident, Unconfirmed Scope

Published June 20, 2026
DentaQuest, a Sun Life dental-benefits administrator, confirmed a cybersecurity incident; the scope is not yet confirmed.
Investigation Stage · Claims Unverified · No Suit Filed

This page describes an ongoing data-breach investigation and a threat actor's public claims. DentaQuest confirmed a cybersecurity incident but had not confirmed its scope; the scale figures and data-element lists below come from the attacker's leaked dataset and security reporting, not from a DentaQuest disclosure. No class action has been filed and there is nothing to claim. This page is informational and is not legal advice.

Status: Incident Confirmed · Attorneys Investigating. No class action on file as of this writing.
Scale: Scope unconfirmed · ~2.6M-record hacker dataset. DentaQuest said it had not determined the scope; ~2.6M unique emails were reported in the leaked dataset.
Reportedly Involved: Names, DOB, contact info, gov't IDs, health-insurance & Medicaid IDs. Attributed to the leaked dataset, not confirmed by DentaQuest · no SSNs reported.
Can I Claim? No — nothing to claim yet. No settlement, no fund, no claim form.

What Is This About?

DentaQuest — one of the largest dental-benefits administrators in the United States and a subsidiary of Sun Life — has confirmed it is managing a cybersecurity incident. A threat actor later leaked a dataset tied to the company, and security researchers reported it contained roughly 2.6 million unique email addresses. Plaintiffs' attorneys have announced they are investigating potential claims.

It is important to be precise about what is and isn't known. DentaQuest publicly confirmed an incident but said it had not yet determined the scope or exactly what data was affected. The 2.6 million figure and the list of data elements come from the leaked dataset and security reporting — not from a DentaQuest disclosure. As of this writing, no class action has been filed, and there is no settlement and nothing to claim.

What DentaQuest Confirmed

In a public notice, DentaQuest said it is "actively managing a cybersecurity incident involving unauthorized access to a limited part of its network," that it took immediate action to contain and mitigate the incident, and that it is working with outside cybersecurity experts, forensic investigators, and law enforcement, with its systems remaining operational. Crucially, the company stated it "has yet to determine the exact scope of the incident and the extent to which sensitive data has been compromised."

In other words, DentaQuest confirmed that something happened, but did not confirm how many people were affected or publish a field-by-field list of the data involved. Those details are still, on the public record, unconfirmed by the company.

Confirmed Incident vs. the Attacker's Claims

As with many 2026 breaches, the eye-catching numbers come from the attacker, not the company:

Company-confirmed: a cybersecurity incident involving unauthorized access to a limited part of DentaQuest's network; scope not yet determined.
Threat-actor claims (unverified): the extortion group ShinyHunters claimed responsibility, claimed to have taken a large volume of data (reported as 234+ GB), and — after negotiations reportedly broke down — leaked the data. Security researchers reported the leaked dataset contained about 2.6 million unique email addresses, along with names, dates of birth, addresses, phone numbers, gender, government-issued ID numbers, health-insurance information, and Medicaid IDs.

Every one of those data elements, and the 2.6 million figure, should be read as attributed to the leaked dataset and security reporting — not as a DentaQuest-confirmed disclosure. No reputable report alleged that Social Security numbers were involved.

Has a Lawsuit Been Filed?

Not as of this writing. Several plaintiffs' firms have publicly announced that they are "investigating" potential class action claims on behalf of DentaQuest members — but an investigation is a solicitation, not a filed lawsuit. No case caption, case number, or court was on the public record when this page was published. We will update this page if a complaint is filed.

Because DentaQuest handles protected health information, a breach affecting 500 or more people would eventually have to appear on the U.S. Department of Health and Human Services breach portal; as of this writing, no such listing had been confirmed.

Is There a Settlement?

No. This is an investigation, not a settlement.

That means there is no settlement fund, no claim form, no payout, and no deadline. No class has been certified because no class action has been filed. If a lawsuit is filed and later settles, or DentaQuest offers credit monitoring to affected members, those steps would be announced separately. Be cautious of any website that claims you can "file a claim" for this matter today.

What Should DentaQuest Members Do Now?

Watch for an official notification letter from DentaQuest, and treat any email or call about the breach with caution — phishing often follows breaches. Monitor your insurance statements and financial accounts for unfamiliar activity, and consider placing a fraud alert or a credit freeze with the major credit bureaus. There is nothing to file right now; keep any notice you receive in case a settlement or claims process is later created. For related health-data incidents, see our coverage of the NYC Health + Hospitals data breach and the Change Healthcare data breach.

Frequently Asked Questions

Is there a DentaQuest data breach settlement or class action?

No. Attorneys have announced investigations, but no class action has been filed and there is no settlement, fund, or claim form. Nothing to claim.

How many people were affected by the DentaQuest breach?

DentaQuest said it had not determined the scope and did not publish a number. The ~2.6 million figure comes from the leaked dataset (unique email addresses), an attacker/dataset-derived figure — not a company-confirmed count.

What information may have been involved?

DentaQuest did not enumerate the fields. Security reporting on the leaked dataset described names, DOB, contact details, government IDs, health-insurance information, and Medicaid IDs — attributed to the dataset, not confirmed by DentaQuest. No SSNs were reported.

Sources

BleepingComputer — "DentaQuest data breach exposed info of 2.6 million accounts"
HIPAA Journal — DentaQuest data breach coverage
SecurityWeek — "Hackers Leak DentaQuest Information"


Status: Incident confirmed — attorneys investigating; no suit filed
Company: DentaQuest (a Sun Life company)
Confirmed Scope: Not yet determined by DentaQuest
Dataset Claim: ~2.6M unique emails in the leaked dataset (attacker-derived)
Settlement: None — no class action on file