Your dental plan just became your biggest security problem. DentaQuest — one of the largest dental-benefits companies in America — had the personal and health data of 2.6 million people dumped online, and almost none of those people ever chose to do business with them. If you think your own company is too careful for this, the newest numbers say otherwise. *Confidence you can’t prove is just exposure wearing a smile.* Bryan Hornung and Randy Bryan break down this week’s stories — for the executives, owners, and operators who don’t have time to keep up with cyber news but can’t afford to be blindsided by it either. (Reginald Andre is out this week — back next episode.) First up: the DentaQuest breach. The extortion crew ShinyHunters stole 234 gigabytes of data, tried to shake DentaQuest down for a ransom, and when the company didn’t pay, they dumped the whole thing on a leak site. Inside that pile: names, birthdates, phone numbers, Medicaid IDs, and health-insurance details on 2.6 million people. The detail that should make you angry — researchers found roughly 1.7 million Social Security numbers in a separate folder, and a large share of them appear to belong to children. A stolen kid’s SSN is gold to a fraudster, because nobody checks a nine-year-old’s credit for ten years. And here’s the part every business owner needs to hear: most victims never picked DentaQuest at all — their employer or their state Medicaid program did. Somebody else’s vendor became your breach. Then we close on the mirror. A brand-new survey of 4,400 small and mid-size businesses found that owners have never felt more secure — 68% are confident they can stop an attack, and 75% trust they can respond. The problem? 45% of them got breached in the last year anyway. The number that stops you cold: among businesses hit more than once, confidence actually went UP — to 91% in the U.S. Meanwhile two-thirds still don’t turn on multi-factor authentication, and only about 17% encrypt their data — the cheap, boring controls that stop most attacks. The average breach at a company under 500 people now runs about $3.31 million. Owners are scared of sci-fi AI malware while the rip current — phishing, weak passwords, no monitoring — is the thing actually pulling them under. Two stories, one crack running through both: somebody assumed they were covered, and the assumption was the vulnerability. The fix isn’t more fear or more confidence — it’s proof. In this episode, we discuss: • How 2.6 million people got exposed by a company most of them never chose. • Why ShinyHunters’ “pay-or-we-leak” model makes your backups useless. • Why a stolen child’s Social Security number is worth more than yours. • How small businesses can feel 68% confident and still get breached 45% of the time. • Why getting hit twice somehow makes owners MORE confident — and why that’s backwards. • The two cheap controls two-thirds of businesses still skip. • How to replace “I feel secure” with proof you can actually show. Security Squawk is a weekly podcast and live stream for business owners and executives. Support the show: buymeacoffee.com/securitysquawk
