NAIC Confirms Data Breach by ShinyHunters, 3.1TB of Data Dumped Online

The National Association of Insurance Commissioners (NAIC) confirmed a data breach linked to a zero-day vulnerability in Oracle's PeopleSoft software, discovered on June 11, 2026. The notorious hacking group ShinyHunters has published a 3.1TB dataset allegedly containing regulatory filings and financial data. NAIC stated that no personally identifiable information (PII) or payment information was compromised, and its regulatory systems remain operational. The breach was part of a broader campaign targeting over 100 organizations, with ShinyHunters claiming responsibility for the attack. NAIC is currently evaluating the dataset with an external consultant and has activated incident response procedures. The breach highlights the risks associated with critical infrastructure in the US insurance sector.

Key Points: • NAIC confirmed a data breach involving 3.1TB of data linked to its systems. • The breach was caused by a zero-day vulnerability in Oracle's PeopleSoft software. • No PII or payment information was compromised, and NAIC's regulatory systems are secure.