THE National Association of Insurance Commissioners (NAIC) confirmed it was targeted in a recent hacking campaign exploiting a zero-day vulnerability in Oracle PeopleSoft. The attacks, discovered on June 11, were attributed to the ShinyHunters cybercrime group, which claimed to have stolen over 105,000 files from NAIC. Despite initial claims of extensive data theft, including sensitive financial information, NAIC stated that no personally identifiable information or financial accounts were compromised. The group has also claimed attacks on over 100 organizations, with NAIC being the first to publicly acknowledge a breach.
NAIC PeopleSoft Zero-Day Hack by ShinyHunters, Denies Leak
CyberSIXT Evidence Panel
Source marked as original reporting
Threat Actor
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
NAIC PeopleSoft Zero-Day Hack by ShinyHunters, Denies Leak
www.securityweek.com
-
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
infosecurity-magazine.com
-
NAIC Hit by ShinyHunters Cyber Attack, Leaks 3.1 TB of Data
databreaches.net
-
Oracle PeopleSoft flaw lets attackers bypass auth, CVE-2026-35273
securityonline.info
-
CVE-2026-35273 flaw lets attackers wipe Wazuh logs via PeopleSoft
-
CISA warns of Oracle PeopleSoft zero day exploit CVE-2026-35273
securityaffairs.com
-
CISA Adds Oracle PeopleSoft Flaw CVE-2026-35273 to KEV Catalog
cisa.gov
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
darkreading.com
-
ShinyHunters exploit PeopleSoft flaw CVE-2026-35273, hit 100 unis
arstechnica.com
-
ShinyHunters Exploits Oracle PeopleSoft Flaw Leaks Data Worldwide
-
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
rapid7.com