US National Association of Insurance Commissioners (NAIC) hit by network compromise
Incident
Summary
Hide ▲
Show ▼
NAIC disclosed a security breach that exposed US citizens’ credit rating data and briefly disrupted operations tied to Oracle PeopleSoft. The breach was detected on June 11 and publicly disclosed on June 17, with a later update confirming unauthorized access through a zero-day vulnerability. Some accessed data was published, and the association temporarily suspended insurer-investment designations while containment and recovery work continued. Most operations have returned to normal, but online invoice payment via PeopleSoft remains unavailable.
Related Happenings
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation Wave
H score9
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
How related:
The incident was the result of “a broad campaign to exploit a vulnerability in PeopleSoft that was unknown to the developer or software users at the time, which affected multiple organizations,” the NAIC added.
About this happening:
A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation WaveHow related: The incident was the result of “a broad campaign to exploit a vulnerability in PeopleSoft that was unknown to the developer or software users at the time, which affected multiple organizations,” the NAIC added.
About this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
How related:
an unauthorized actor gained access to “a portion” of its environment through the exploitation of a zero-day vulnerability in Oracle PeopleSoft, which NAIC uses for internal financial reporting purposes.
About this happening:
**Oracle PeopleSoft PeopleTools** **CVE-2026-35273** is a critical **zero-day RCE** affecting **versions 8.61 and 8.62**. Oracle has released **emergency mitigations** while a pat...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityHow related: an unauthorized actor gained access to “a portion” of its environment through the exploitation of a zero-day vulnerability in Oracle PeopleSoft, which NAIC uses for internal financial reporting purposes.
About this happening: **Oracle PeopleSoft PeopleTools** **CVE-2026-35273** is a critical **zero-day RCE** affecting **versions 8.61 and 8.62**. Oracle has released **emergency mitigations** while a pat...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Madison Square Garden hit by network compromise linked to Cl0p
Incident
H score38
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Madison Square Garden hit by network compromise linked to Cl0p
IncidentAbout this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Wynn Resorts hit by cyberattack
Incident
H score50
First: 24.02.2026 23:51
Last: 24.02.2026 23:51
Sources 1
About this happening:
**Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...
Wynn Resorts hit by cyberattack
IncidentAbout this happening: **Wynn Resorts** confirmed an **employee data breach** after an unauthorized third party stole data from its systems, creating exposure risk for staff records. The company said it...
Timeline
-
29.06.2026 13:00 1 articles · 1h ago
NAIC detects unauthorized access to Oracle PeopleSoft
Detection Ioc UpdateThe US National Association of Insurance Commissioners (NAIC) detected unauthorized access to its environment on June 11 after an actor exploited a zero-day vulnerability in Oracle PeopleSoft used for internal financial reporting.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
-
29.06.2026 13:00 1 articles · 1h ago
NAIC publicly discloses breach exposing credit rating data
Initial DisclosureThe US National Association of Insurance Commissioners (NAIC) publicly disclosed on June 17 that it had suffered a security breach that exposed US citizens' credit rating data.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
-
26.06.2026 03:00 2 articles · 3d ago
NAIC confirms Oracle PeopleSoft intrusion exposed data and left invoice payments unavailable
Victim Impact UpdateOn June 26, the NAIC said an unauthorized actor gained access to a portion of its environment by exploiting a zero-day vulnerability in Oracle PeopleSoft, obtained temporary access to data storage areas, published some accessed data, and caused some credit rating agencies to pause feeds, which led the association to temporarily suspend assigning designations to insurer investments while online invoice payment via PeopleSoft remained unavailable.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00