Signal

US insurance regulator NAIC suffers data breach via Oracle PeopleSoft zero-day exploit

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-29 10:00 UTCUpdated 2026-06-29 13:42 UTC

rss

cvebreachthreat_actorsincident_response

Trend in the last 24h

Current brief openSource links open

This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

SecurityWeek - Insurance regulators group NAIC hit in Oracle PeopleSoft hack

securityweek.com · securityweek.com · 2026-06-29 13:42 UTC

US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

Infosecurity Magazine · infosecurity-magazine.com · 2026-06-29 10:00 UTC

limited source diversity in top sources

View all evidence

Overview

The National Association of Insurance Commissioners (NAIC), which sets standards for the US federal insurance system, has confirmed a data breach caused by an attacker exploiting a zero-day vulnerability in Oracle PeopleSoft.

Entities

OracleNational Association of Insurance CommissionersShinyHunters

Score total

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The incident was confirmed recently, highlighting ongoing risks from unpatched vulnerabilities.
ShinyHunters' claim of 3.1 TB data theft signals a significant breach scale.
Insurance sector regulators must urgently assess and mitigate fallout from this compromise.

Why it matters

The breach exposes sensitive regulatory data critical to the US insurance system.
Exploitation of a zero-day in widely used Oracle software underscores patching challenges.
Data theft by extortion groups increases risk of further exploitation or public exposure.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

NAIC was breached via a zero-day vulnerability in Oracle PeopleSoft
ShinyHunters extortion group claims to have stolen 3.1 TB of data from NAIC

How sources frame it

SecurityWeek: neutral

All evidence

SecurityWeek - Insurance regulators group NAIC hit in Oracle PeopleSoft hack

securityweek.com · securityweek.com · 2026-06-29 13:42 UTC

US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

Infosecurity Magazine · infosecurity-magazine.com · 2026-06-29 10:00 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

securityweek.com (1)
Infosecurity Magazine (1)

Top origin domains (this list)

securityweek.com (1)
infosecurity-magazine.com (1)