The National Association of Insurance Commissioners (NAIC), which supports state insurance regulation across all 50 U.S. states, has confirmed it was compromised in a hacking campaign exploiting an Oracle PeopleSoft zero-day vulnerability, tracked as CVE-2026-35273. Oracle issued an out-of-band advisory on June 11, 2026, after Google and others observed active exploitation. NAIC disclosed on June 26 that attackers accessed statutory financial reporting data, credit rating agency information, and technical logs and configuration data. The association said no personally identifiable, payment, or financial account information was exposed and that state insurance departments’ systems were not affected. Extortion group ShinyHunters claims stealing 3.1 TB of data.
Prepared by Christopher Adams and reviewed by editorial team.
Your insurance isn't at risk. The NAIC hack didn't expose personal, payment, or financial account data. But it's a reminder: cyber threats are real. Check your insurance company's data security policies. Ask how they protect your information.
This is a wake-up call for businesses. Even regulatory bodies aren't immune to cyber attacks. It's about safety and trust. Worth forwarding if you know a business owner who needs to tighten their cyber security.
No left-leaning sources found for this story.
No right-leaning sources found for this story.
Comments