• NAIC confirms data breach with ShinyHunters claiming 3.1TB of dat

    From TechnologyDaily@1337:1/100 to All on Friday, June 26, 2026 19:15:27
    NAIC confirms data breach with ShinyHunters claiming 3.1TB of data stolen in Oracle zero-day attack

    Date:
    Fri, 26 Jun 2026 18:00:00 +0000

    Description:
    Insurer regulatory filing documents, customer bulk orders, and more, stolen
    in a major zero-day supply chain attack

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter NAIC confirmed a cyberattack exploiting an Oracle PeopleSoft zeroday, with ShinyHunters claiming theft of 3.1TB of data Stolen cache allegedly includes insurer filings, credit rating files, AWS logs, configs, and PII; NAIC says only financial reports and technical data were taken Incident spotted June 11, disclosed June 17; files leaked online suggest NAIC did not pay ransom, as ShinyHunters continues exploiting the zeroday across 100+ organizations The National Association of Insurance Commissioners (NAIC) confirmed suffering a cyberattack that
    resulted in the stolen data being leaked on the dark web. While the company did not name the group responsible, or mentioned the size of the stolen
    cache, the infamous ShinyHunters claimed responsibility and stated they snatched around 3.1TB of information.

    In a security notice published on the NAIC website, it was explained that the attackers managed to exploit a zero-day vulnerability in Oracle PeopleSoft. This is an enterprise resource planning (ERP) software suite, designed to
    help businesses manage employees, finances, supply chains, and more. Citing Google Mandiant, Cybernews says ShinyHunters first started exploiting the zero-day on May 27, and managed to compromise more than 100 organizations and 300 individuals, before Oracle finally pushed an emergency update on June 10. Among the victims, as we now know, is NAIC, whose PeopleSoft environment was compromised, and used to obtain credentials and move laterally to internal data storage locations. Latest Videos From Watch full video here:
    ShinyHunters step forward Based on NAICs investigation, the stolen
    information includes publicly available statutory financial reports, insurer investment credit rating data, and some technical information such as
    outdated logs and configuration files. There is no evidence that personal information, banking information, or payment data was accessed, it said.

    NAIC spotted the attack on June 11 and immediately launched its incident response protocol, which includes notifying law enforcement, blocking malicious actors, and bringing in third-party security experts. The
    Commission disclosed the incident on June 17, a day before ShinyHunters went public. You may like 2.6 million DentaQuest accounts exposed by data breach ShinyHunters claim 234GB of data stolen Oracle warns of critical PeopleSoft attack affecting hundreds of customers ShinyHunters exposes data on
    Mytheresa, Zara, Carnival, 7-Eleven over 40 organizations tied up in new
    data trove which will stay up 'indefinitely'

    The notorious ransomware gang claims to have taken more than 264,000 insurer regulatory filing documents, 2,000 customer and bulk orders containing personally identifiable information, some 45,000 files from major credit rating agencies, statutory annual and quarterly financial statements
    submitted by insurers, production AWS infrastructure logs, cloud
    configuration files, and workload automation data, and SQL scripts.

    Since the files were seemingly leaked online, its safe to assume that NAIC
    did not (want to) pay the ransom demand. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Via Cybernews The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhun ters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)