๐Ÿ‡บ๐Ÿ‡ธ US 30-yr mortgage rate: 6.55% โ€” Bankrate, June 10๐Ÿ‡ฏ๐Ÿ‡ต BOJ June rate hike: 80% market probability โ€” CNBC๐Ÿ‡ฎ๐Ÿ‡ณ India opens insurance to 100% FDI under automatic route๐Ÿ‡บ๐Ÿ‡ธ Fed holds rates at 3.50โ€“3.75% โ€” third consecutive hold๐ŸŒ Global cyber insurance market: $33.4B projected for 2026๐Ÿ‡ฌ๐Ÿ‡ง FCA: Insurance premium finance APRs down 4.1% since 2022๐Ÿ‡ฐ๐Ÿ‡ท DB Insurance completes $1.65B Fortegra acquisition๐Ÿ‡บ๐Ÿ‡ธ Medicaid cuts: CBO estimates 11.8M to lose coverage๐Ÿ‡ฆ๐Ÿ‡บ APRA CPS 230 amendments effective July 1, 2026๐Ÿ‡ฉ๐Ÿ‡ช BaFin launches dedicated cyber insurance reporting class๐Ÿ‡บ๐Ÿ‡ธ US 30-yr mortgage rate: 6.55% โ€” Bankrate, June 10๐Ÿ‡ฏ๐Ÿ‡ต BOJ June rate hike: 80% market probability โ€” CNBC๐Ÿ‡ฎ๐Ÿ‡ณ India opens insurance to 100% FDI under automatic route๐Ÿ‡บ๐Ÿ‡ธ Fed holds rates at 3.50โ€“3.75% โ€” third consecutive hold๐ŸŒ Global cyber insurance market: $33.4B projected for 2026๐Ÿ‡ฌ๐Ÿ‡ง FCA: Insurance premium finance APRs down 4.1% since 2022๐Ÿ‡ฐ๐Ÿ‡ท DB Insurance completes $1.65B Fortegra acquisition๐Ÿ‡บ๐Ÿ‡ธ Medicaid cuts: CBO estimates 11.8M to lose coverage๐Ÿ‡ฆ๐Ÿ‡บ APRA CPS 230 amendments effective July 1, 2026๐Ÿ‡ฉ๐Ÿ‡ช BaFin launches dedicated cyber insurance reporting class
PG

PolicyGlobal

Insurance & Finance Intelligence

Cybersecurity data breach affecting insurance regulator systems - illustrative image
Regulation๐Ÿ‡บ๐Ÿ‡ธUnited States

NAIC Confirms ShinyHunters Cyberattack as Stolen Insurance Regulator Data Published Online

Editorial Deskยทยท5 min read
Verified Story

The National Association of Insurance Commissioners (NAIC) has confirmed that data stolen in a June ransomware attack via an Oracle PeopleSoft zero-day vulnerability has been published online by the ShinyHunters group, which claims to have taken 3.1 terabytes of data across more than 105,000 files. The NAIC says no personally identifiable information or payment data was accessed, though credit rating agencies have paused data feeds, temporarily suspending the assignment of insurer investment designations.

The National Association of Insurance Commissioners (NAIC) โ€” the standard-setting body that supports insurance regulators across all 50 US states โ€” has confirmed it was the victim of a significant cyberattack, with stolen data now published online by the threat actor responsible. The intrusion was identified on June 11, 2026, and publicly disclosed beginning June 17, with the NAIC providing a series of updates through late June.

The breach was carried out via a critical zero-day vulnerability in Oracle PeopleSoft (tracked as CVE-2026-35273), an unauthenticated remote code execution flaw carrying a maximum-severity CVSS score of 9.8 out of 10. The flaw was actively exploited for roughly two weeks before Oracle published any official advisory on June 10. The NAIC said the attack was part of a broad criminal campaign that struck more than 100 organizations worldwide. The ransomware group ShinyHunters claimed responsibility, alleging it stole 3.1 terabytes of data โ€” more than 105,000 files โ€” and posted the material on its leak site after the NAIC apparently did not meet a June 22 extortion deadline.

ShinyHunters claimed access to key NAIC regulatory technology including the System for Electronic Rate and Form Filing (SERFF), the Online Premium Tax for Insurance (OPTins), the Uniform Certificate of Authority Application (UCAA), the Enterprise Data Platform (EDP), and the Regulatory Data Collection (RDC). However, the NAIC said outside cybersecurity experts confirmed these regulatory reporting systems were not compromised. The organization stated that no personally identifiable information, payment data, employee personal data, electronic funds transfer information, risk-based capital data, policyholder information, or producer data was accessed. The NAIC said it does not believe the group holds the volume or scope of data it has publicly claimed.

One operational impact remains active: certain credit rating agencies paused their data feeds following the incident, leading the NAIC to temporarily suspend assigning designations to insurer investments โ€” a process used in determining the financial health and capital treatment of insurer portfolios. The FBI is coordinating on the investigation. The National Association of Mutual Insurance Companies (NAMIC) criticized the NAIC's communication timeline, noting the gap between the June 11 discovery and the first June 17 public post, and called for an assessment of concentration risk given the volume of sensitive industry data the NAIC holds.

Key Points

  • 1NAIC confirmed a cyberattack via an Oracle PeopleSoft zero-day flaw (CVE-2026-35273, CVSS 9.8)
  • 2ShinyHunters claims to have stolen 3.1 terabytes of data across 105,000+ files and published it online
  • 3NAIC says no personally identifiable information, payment, or policyholder data was accessed
  • 4Credit rating agencies paused data feeds, suspending NAIC insurer investment designations
  • 5The FBI is coordinating the investigation; the attack hit 100+ organizations globally

Why This Matters

The NAIC sits at the center of the US insurance regulatory system, and its data and analysis influence everything from insurer financial-strength assessments to product pricing and oversight. A breach of its infrastructure has potential ripple effects across the entire insurance industry, which the US government classifies as critical infrastructure. For insurers, agents, and consumers, the incident is a stark reminder that even core regulatory bodies face escalating cyber risk โ€” and underscores why cyber insurance and operational resilience have become board-level priorities.

#NAIC#cyberattack#ransomware#ShinyHunters#data breach#insurance regulation

Original Source

Insurance Journal / NAIC โ†—
Verified ยท Jun 27, 2026Read Original
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, legal, or insurance advice. Always consult a qualified professional before making financial decisions. PolicyGlobal reports on publicly available information from third-party sources and cannot guarantee the accuracy or completeness of such information.

Related Stories

Health insurance enrollment and ACA marketplace coverage - illustrative image
Healthcare Insurance

5 Million Americans Drop ACA Health Insurance After Subsidy Expiration Doubles Premiums

June 26, 2026

Auto lending and insurance-backed credit technology - illustrative image
FinTech

ANV Group to Acquire Open Lending for $372 Million in Insurance-Backed Auto Lending Push

June 16, 2026

US housing market and mortgage rates for homebuyers - illustrative image
Loans & Mortgage

US Mortgage Rates Hold in Mid-6% Range as Iran War Keeps Inflation Pressures Elevated

June 27, 2026

US auto insurance and car premium pricing trends 2026 - illustrative image
Auto Insurance

US Auto Insurance Premiums Stabilize in 2026 After Years of Sharp Increases, but Gas Prices Offer No Relief

June 27, 2026

Daily Intelligence

The PolicyGlobal Daily Brief

Get the top 5 insurance and finance stories every morning, curated and verified by our editorial desk. No spam. Unsubscribe anytime.

Informational newsletter only. Not financial advice. Disclaimer