National Association of Insurance Commissioners data leak claims
Data Leak
Summary
Hide ▲
Show ▼
ShinyHunters' June 25 leak update turned the NAIC intrusion into a public data leak and raised questions about what was actually taken from the insurer regulator. The group claimed a haul of 3.1 TB across 105,000 files, while NAIC says the accessed material was limited to publicly available reports, outdated logs, and configuration information. The disclosure matters because the published inventory also referenced SERFF, OPTins, and stored credentials tied to production environments.
Related Happenings
US National Association of Insurance Commissioners (NAIC) hit by network compromise
Incident
H score80
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
How related:
The organization identified on June 11 that its PeopleSoft system had been accessed by an unauthorized party and discovered that "an unauthorized third party gained access to a portion of our IT systems."
About this happening:
**NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
US National Association of Insurance Commissioners (NAIC) hit by network compromise
IncidentHow related: The organization identified on June 11 that its PeopleSoft system had been accessed by an unauthorized party and discovered that "an unauthorized third party gained access to a portion of our IT systems."
About this happening: **NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
Kodak customer and internal data leak claim
Data Leak
H score75
First: 17.06.2026 10:07
Last: 17.06.2026 10:07
Sources 1
About this happening:
Kodak is facing a **claimed data leak** after **ShinyHunters** said it stole **over 2.2 million records** from the company and threatened public release. The claimed material incl...
Kodak customer and internal data leak claim
Data LeakAbout this happening: Kodak is facing a **claimed data leak** after **ShinyHunters** said it stole **over 2.2 million records** from the company and threatened public release. The claimed material incl...
Council of Europe ShinyHunters data leak claim
Data Leak
H score82
First: 15.06.2026 13:44
Last: 15.06.2026 13:44
Sources 1
About this happening:
**ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...
Council of Europe ShinyHunters data leak claim
Data LeakAbout this happening: **ShinyHunters** has posted the **Council of Europe** on a **Tor-based leak site**, claiming a data theft that could expose **more than 297 GB** and **over 429,000 files**. The al...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
**Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityAbout this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Latest development: 29.06.2026 23:40
Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score68
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Nottingham University data publication on ShinyHunters leak site
Data LeakAbout this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Timeline
-
29.06.2026 23:30 1 articles · 3h ago
NAIC identifies unauthorized access to PeopleSoft systems
Initial DisclosureNAIC identified unauthorized access to a portion of its IT systems on June 11 after CVE-2026-35273 was used against an Oracle PeopleSoft server. The organization said an unauthorized third party gained access to part of its systems.
Show sources
- NAIC says public data stolen in ShinyHunters' PeopleSoft breach — www.bleepingcomputer.com — 29.06.2026 23:30
-
29.06.2026 23:30 2 articles · 3h ago
ShinyHunters publishes a claimed NAIC file inventory
Campaign Scope UpdateOn June 25, ShinyHunters said it held 3.1 TB of data across 105,000 files stolen from NAIC systems, including insurer filing PDFs, rating agency files, AWS infrastructure configs, and stored credentials for SERFF, OPTins, and UCAA production environments. NAIC said the accessed material was limited to publicly available statutory financial reports, credit rating agency data, outdated logs, and configuration information, found no evidence of PII or financial data exposure, and said affected systems have been remediated.
Show sources
- NAIC says public data stolen in ShinyHunters' PeopleSoft breach — www.bleepingcomputer.com — 29.06.2026 23:30
- NAIC says public data stolen in ShinyHunters' PeopleSoft breach — www.bleepingcomputer.com — 29.06.2026 23:30