NAIC says public data stolen in ShinyHunters’ PeopleSoft breach

A high-profile cyber attack has left the National Association of Insurance Commissioners (NAIC) scrambling to contain the fallout. The ShinyHunters extortion group claimed responsibility for breaching NAIC’s systems, but an investigation by the organization has revealed that the hackers stole only publicly available data and outdated information.

The breach occurred when ShinyHunters exploited a zero-day vulnerability in an Oracle PeopleSoft server, which allowed them to access sensitive areas of NAIC’s IT systems. However, instead of stealing valuable data such as personally identifiable information (PII) or financial records, the hackers made off with publicly available statutory financial reports, credit rating agency data, and configuration files.

The NAIC has disputed ShinyHunters’ claims that they compromised critical insurance regulatory platforms like SERFF, OPTins, and SBS. In fact, an investigation found no evidence of PII or financial data having been exposed. The organization has acknowledged that the breach did have operational consequences, with credit rating agencies temporarily suspending data feeds and NAIC pausing investment designation work.

ShinyHunters claimed to have stolen 3.1 terabytes of data corresponding to 105,000 files from NAIC’s systems, including insurer regulatory filing PDFs between 2017 and 2024, customer/order/payment records, rating agency files, and AWS infrastructure configs. However, the hackers later acknowledged that their previous summary of the stolen data was exaggerated due to using AI hallucinations when evaluating the files.

The incident highlights the importance of proper security measures in preventing cyber attacks. The fact that ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft servers suggests that many organizations may be vulnerable to similar attacks. According to reports, more than 100 organizations have been impacted by ShinyHunter’s hacking spree using this same vulnerability.

The NAIC has stated that all affected systems have now been remediated and additional defenses are being implemented to prevent future attacks. However, the incident serves as a reminder for organizations to regularly test their security measures and stay vigilant against evolving cyber threats.

In light of this breach, it is essential for organizations to prioritize regular security testing and vulnerability assessments. By doing so, they can identify potential weaknesses before attackers do, thereby reducing the risk of successful attacks.


Source: Bleeping Computer — 2026-06-29