Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. NAIC Says Only Public Data Stolen in ShinyHunters PeopleSoft Breach
NAIC Says Only Public Data Stolen in ShinyHunters PeopleSoft Breach
NEWS

NAIC Says Only Public Data Stolen in ShinyHunters PeopleSoft Breach

The National Association of Insurance Commissioners confirms ShinyHunters exploited an Oracle PeopleSoft zero-day but says only publicly available data,...

Dylan H.

News Desk

June 29, 2026
4 min read

The National Association of Insurance Commissioners (NAIC) has confirmed it was among the organizations breached by the ShinyHunters extortion group following the exploitation of a zero-day vulnerability in Oracle PeopleSoft — but says the impact was limited compared to what the attackers may have hoped.

NAIC's Assessment

According to the organization's disclosure, ShinyHunters gained access to NAIC systems by exploiting the Oracle PeopleSoft vulnerability, but the data exfiltrated was limited to:

  • Publicly available information — data already accessible without authentication
  • Outdated log files — historical system logs no longer containing sensitive operational data
  • Configuration files — system configuration data with limited practical value to attackers

The NAIC says it does not believe sensitive regulatory or consumer data was compromised, though it is continuing to investigate the full scope of the intrusion.

What Is the NAIC?

The National Association of Insurance Commissioners is the U.S. standard-setting and regulatory support organization for state-based insurance regulation. It serves as a forum for insurance regulators from all 50 states, the District of Columbia, and five U.S. territories. The NAIC develops model laws and regulations and maintains critical insurance data and analytics.

Given its role as a clearinghouse for insurance regulatory data, an NAIC breach targeting sensitive data could have significant downstream effects — making the organization's assessment that only limited data was taken a relative relief.

The Oracle PeopleSoft Zero-Day Connection

This incident is part of a broader wave of intrusions tied to a zero-day vulnerability in Oracle PeopleSoft, an enterprise platform used for HR, finance, and regulatory reporting. ShinyHunters appears to have weaponized this vulnerability against multiple organizations simultaneously, including Nissan (disclosed separately today).

The zero-day nature of the exploit means organizations had no advance warning or patch available at the time of the attacks. Oracle has been notified and is expected to issue an out-of-band patch addressing the vulnerability.

Limited Damage — But Questions Remain

While NAIC's characterization of the breach as low-impact is reassuring, security experts note several caveats:

Configuration files can be valuable. Even "outdated" config files may reveal:

  • Internal network topology and server addresses
  • Database connection strings (if not rotated)
  • Software versions that aid in identifying additional vulnerabilities

Log files may aid future attacks. Historical logs can expose usernames, IP addresses, authentication patterns, and application behavior that attackers use for reconnaissance.

Attackers often understate what they have. The full scope of what ShinyHunters extracted may only become clear if the data surfaces on underground forums.

ShinyHunters' PeopleSoft Campaign

The NAIC breach is one of several organizations targeted through the same Oracle PeopleSoft zero-day. ShinyHunters appears to be running a coordinated campaign across multiple sectors, with insurance, automotive, and potentially other industries in scope. This pattern of mass exploitation — using a single zero-day against multiple high-value targets — has become a hallmark of the group's 2026 operations.

Recommendations for Insurance Sector Organizations

Organizations in the insurance and financial regulation space should immediately:

  • Audit Oracle PeopleSoft deployments — verify exposure and apply any available mitigations from Oracle
  • Review log retention policies — ensure old logs containing sensitive data are purged on schedule
  • Rotate secrets found in config files — assume any configuration data accessible via PeopleSoft may be compromised
  • Monitor for data on underground forums — set up alerts for organizational data appearing on BreachForums and similar platforms
  • Engage threat intelligence feeds — subscribe to sector-specific threat intel for early warning of emerging campaigns

Regulatory Reporting Obligations

Organizations in regulated industries (insurance, finance, healthcare) that experience data breaches have reporting obligations under various state and federal laws. Even if only publicly available data was taken, organizations should consult legal counsel on whether regulatory notifications are required given the unauthorized access itself.

#Zero-Day#Vulnerability#Data Breach#ShinyHunters#Oracle#Insurance#BleepingComputer

Related Articles

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

Nissan warns that current and former employees had data stolen after threat actors exploited an Oracle PeopleSoft zero-day vulnerability tied to the...

4 min read

Oracle Mitigates PeopleSoft Zero-Day Exploited in Data Theft Attacks

Oracle has issued an emergency mitigation for CVE-2026-35273, a critical unauthenticated RCE flaw in PeopleSoft Suite being actively exploited by the...

3 min read

Google Confirms ShinyHunters Exploited Oracle PeopleSoft Zero-Day CVE-2026-35273

Google's Threat Intelligence Group confirmed in-the-wild exploitation of Oracle PeopleSoft zero-day CVE-2026-35273 by ShinyHunters, even as Oracle...

5 min read
Back to all News