The United States National Association of Insurance Commissioners (NAIC) confirmed on June 26, 2026 that it suffered a major cyberattack attributed to the ShinyHunters cybercriminal group. ShinyHunters claims to have stolen 3.1 terabytes of sensitive data from NAIC systems, raising concerns across the U.S. financial and insurance sectors about exposure of regulatory and operational information. Investigators from Google’s Threat Intelligence Group and Mandiant report the attackers exploited a zero-day vulnerability in Oracle PeopleSoft, which was patched by Oracle on June 10, 2026. NAIC detected unauthorized access on June 11 and publicly disclosed the incident on June 17, before confirming the breach’s full scale on June 26.
Prepared by Emily Rhodes and reviewed by editorial team.
The NAIC cyberattack could expose your insurance data. If you've interacted with any U.S. insurance regulator, your personal and financial information might be at risk. Check your accounts for unusual activity. Stay vigilant.
This attack shows that even regulatory bodies aren't immune to cyber threats. It's a wake-up call for stronger cybersecurity across all sectors. Worth forwarding if you know someone in the insurance industry.
No left-leaning sources found for this story.
No right-leaning sources found for this story.
Comments