In line with the Nationwide Affiliation of Insurance coverage Commissioners (NAIC), the ShinyHunters extortion group exploited a zero-day vulnerability in Oracle PeopleSoft servers to infiltrate programs and steal solely publicly accessible knowledge, previous logs, and configuration information.
The NAIC is the U.S. insurance coverage regulatory group with a presence in all 50 states. On June 11, the group recognized that its PeopleSoft system had been accessed by an unauthorized social gathering and found that “an unauthorized third social gathering had accessed a few of our IT programs.”
ShinyHunters claimed the assault and leaked stolen knowledge after the group refused to pay the ransom.
The NAIC responded to the attacker’s breach and addressed a few of the allegations. The group stated the hackers accessed and in some circumstances stole publicly accessible statutory monetary reviews, credit standing company knowledge, previous logs and configuration info.
In line with the NAIC, the investigation discovered no proof that personally identifiable info (PII) or monetary knowledge was compromised, immediately difficult the menace actor’s earlier claims that it had compromised key insurance coverage regulatory platforms similar to SERFF (Digital Charge and Kind Submission System), OPTins (Insurance coverage On-line Premium Tax), and SBS (State-Based mostly System).
The incident had operational implications, with credit standing companies briefly suspending knowledge feeds and the NAIC suspending funding designations, however there are main discrepancies between the hackers’ claims and the group’s findings.
In an announcement up to date on June 25, ShinyHunters claims to have 3.1 TB of knowledge, representing 105,000 information, stolen from NAIC’s programs.
- INSData Server and Imaginative and prescient Server
- 264,000 Insurance coverage Firm Regulatory Purposes from 2017 to 2024 PDF
- 2,000 buyer/order/cost data
- 45,000 ranking company information
- AWS infrastructure configuration
- SERFF, OPTins, and UCAA Saved Credentials for Manufacturing Environments
The hackers additionally identified within the replace {that a} earlier abstract of stolen knowledge had been exaggerated resulting from the usage of AI illusions when evaluating information.

Nevertheless, the attackers say their newest public stock has been verified by human reviewers and is believed to be correct.
NAIC stated all affected programs have now been remediated and are implementing extra defenses to stop future assaults.
ShinyHunter’s hacking marketing campaign utilizing a PeopleSoft Enterprise Programs zero-day (CVE-2026-35273) is alleged to have affected greater than 100 organizations.
BleepingComputer reported on the attacker’s zero-day assault earlier than Oracle made the safety difficulty public. Each cloud and on-premises Oracle PeopleSoft buyer cases had been focused in a breach that left an extortion demand letter signed by ShinyHunters.
The hackers stated a lot of the focused organizations belong to the training sector and had been beforehand extorted by menace actors.
Safety groups doc 54% of profitable assaults and difficulty a warning on solely 14%. The remainder strikes invisibly by the surroundings.
Picus’ whitepaper exhibits learn how to check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
