The National Association of Insurance Commissioners (NAIC) confirmed on June 25 that data stolen in a cyberattack on its Oracle PeopleSoft system has been published online by the responsible group. The extortion group ShinyHunters exploited a zero-day vulnerability (CVE-2026-35273) and claims to have obtained 3.1 terabytes of data, though the NAIC maintains that no personally identifiable or payment information was accessed and that the group does not hold the scope of data it claims.
The body that coordinates US state insurance regulators has become the latest high-profile victim of a sweeping global cyberattack campaign. The National Association of Insurance Commissioners (NAIC), a nonprofit organization that helps insurance regulators across all 50 states set standards and protect consumers, confirmed on June 25, 2026, that data stolen during a breach of its Oracle PeopleSoft system has been published online by the group responsible.
The NAIC first identified unauthorized access on June 11 and disclosed the incident publicly on June 23. Investigators determined the attacker exploited a critical zero-day vulnerability in Oracle PeopleSoft tracked as CVE-2026-35273, an unauthenticated remote code execution flaw carrying a maximum-severity CVSS score of 9.8. Oracle did not publish an advisory until June 10, meaning the flaw was actively exploited for roughly two weeks before any official fix existed. The breach was part of a broader criminal campaign that struck more than 100 organizations worldwide.
The extortion group ShinyHunters claimed responsibility, alleging it obtained 3.1 terabytes of data (more than 105,000 files) spanning systems including the statistical INSData platform, credit rating feeds, and various state insurance reporting tools. The group claimed the trove included millions of insurer regulatory filing PDFs and tens of thousands of rating agency files from Moody's, Fitch, S&P, Kroll, DBRS, and AM Best containing CUSIP and ISIN financial identifiers.
The NAIC has pushed back firmly on the scope of these claims. The organization stated that outside cybersecurity experts confirmed key regulatory systems, including SERFF (System for Electronic Rate and Form Filing), OPTins, UCAA, the Enterprise Data Platform, and Regulatory Data Collection, were not compromised. Critically, the NAIC said no personally identifiable information, payment data, credit card or banking details, policyholder information, or producer data was accessed. State insurance departments' own systems were unaffected. As a precaution, certain credit rating agencies paused their data feeds, leading the NAIC to temporarily suspend assigning designations to insurer investments, a process it warned could take months to fully restore. The FBI is coordinating the investigation.
Key Points
- NAIC confirmed on June 25 that data from its breach has been published online by the responsible group
- The attack exploited a zero-day Oracle PeopleSoft flaw (CVE-2026-35273) with a maximum CVSS score of 9.8
- ShinyHunters claims 3.1 terabytes and 105,000+ files were stolen; NAIC disputes the scope of these claims
- NAIC says no personally identifiable information, payment, or policyholder data was accessed
- Credit rating agencies paused data feeds, suspending NAIC investment designations for potentially months
Why This Matters
The NAIC sits at the center of the US insurance regulatory system, and the insurance industry is classified as critical national infrastructure. A breach of its systems has potential ripple effects across financial reporting, credit ratings, and regulatory oversight nationwide. For insurers, the temporary suspension of investment designations creates real operational friction. The incident is also a stark reminder that even well-resourced regulatory bodies remain vulnerable to zero-day supply chain attacks, reinforcing the surging demand for cyber insurance and the systemic accumulation risk that regulators globally are increasingly worried about.