NAIC confirms data breach after Oracle PeopleSoft zero-day exploited by ShinyHunters
The National Association of Insurance Commissioners disclosed on 23 June 2026 that attackers exploited an Oracle PeopleSoft zero-day to access part of its environment, and by 25 June the extortion group ShinyHunters had published the stolen data online, claiming more than 3.1 terabytes.
- Victim
- National Association of Insurance Commissioners (NAIC)