Blog Details

The Nationwide Affiliation of Insurance protection Commissioners (NAIC) says the ShinyHunters extortion community stole fully publicly readily available info, outdated logs, and configuration recordsdata after breaching its programs by exploiting a zero-day vulnerability in an Oracle PeopleSoft server.

NAIC is a U.S. insurance protection regulatory group veil in all 50 states. The group known on June 11 that its PeopleSoft machine had been accessed by an unauthorized fetch collectively and located that “an unauthorized third party gained access to a portion of our IT systems.”

ShinyHunters claimed the assault and leaked the stolen info after the group refused to pay a ransom.

NAIC spoke back to the chance actor’s leak and addressed one of the main claims. The group says that the hackers accessed and, in some circumstances, stole already publicly readily available statutory financial experiences, credit score ranking agency info, outdated logs, and configuration info.

In step with NAIC, the investigation found no evidence of for my portion identifiable info (PII) or financial info having been exposed and proper away disputed the chance actor’s earlier claims that they compromised predominant insurance protection regulatory platforms cherish SERFF (Machine for Electronic Fee and Fetch Submitting), OPTins (Online Top class Tax for Insurance protection), and SBS (Thunder-Basically primarily based mostly Programs).

The incident had operational consequences, with credit score ranking agencies temporarily suspending info feeds and the NAIC pausing funding designation work, but there are predominant discrepancies between the hackers’ claims and the group’s findings.

In an announcement as much as this level on June 25, ShinyHunters claims to take care of 3.1 TB of information same to 105,000 recordsdata stolen from NAIC’s programs:

• INSData and Vision servers
• 264,000 insurer regulatory submitting PDFs between 2017 and 2024
• 2,000 buyer/teach/price records
• Forty five,000 ranking agency recordsdata
• AWS infrastructure configs
• Stored credentials for SERFF, OPTins, and UCAA production environments

The hackers additionally important within the replace that a outdated summary of the stolen info changed into once exaggerated due to the the usage of AI hallucinations when evaluating the recordsdata.

Nonetheless, primarily based fully mostly on the chance actor, primarily the most modern revealed inventory changed into once validated by a human reviewer and desires to be idea of true.

NAIC acknowledged that every affected programs uncover now been remediated and that they are enforcing extra defenses to prevent future attacks.

ShinyHunter’s hacking spree the usage of the zero-day (CVE-2026-35273) within the PeopleSoft endeavor machine has allegedly impacted more than 100 organizations.

BleepingComputer reported regarding the chance actor’s zero-day attacks before Oracle disclosed the safety downside publicly. Each and each cloud and on-premises Oracle PeopleSoft buyer cases uncover been centered in breaches that left dreary extortion demands signed by ShinyHunters.

The hackers urged us that various the centered organizations uncover been within the education sector and had been beforehand extorted by the chance actor.