NAIC discloses data breach affecting PeopleSoft systems
The National Association of Insurance Commissioners (NAIC) discovered unauthorized access to its PeopleSoft systems on or about June 11, 2026. The incident was identified as a ransomware attack, with the ShinyHunters threat actor group claiming responsibility and alleging the theft of 3.1 terabytes of data, including regulatory filings, statistical reports, insurer financial statements, and rating agency files. The NAIC promptly activated incident response procedures, engaged cybersecurity experts, and is coordinating with law enforcement.
Signal context
First seen: Jun 11, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Unauthorized access to PeopleSoft systems discovered on or about June 11, 2026.
- Incident identified as a ransomware attack.
- ShinyHunters threat group claimed responsibility and alleged theft of 3.1 TB of data.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: Location not provided
Watch ransomware, endpoint compromise and business interruption exposure.
- Source type: outside the affected organization
Impact area: Confidentiality, Availability
Likely asset: User or customer data
- 19 signals in the same sector
- 100 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft | Cybersecurity Divehttps://www.cybersecuritydive.com/news/shinyhunters-oracle-peoplesoft-vulnerability-exploitation/718890/Public source from cybersecuritydive.com.
Security Incident Update - NAIChttps://content.naic.org/about/security-updatePublic source from content.naic.org.
NAIC Data Breach: 3.1TB of Data Compromised - Claim Depothttps://www.claimdepot.com/data-breach/naic-2026Public source from claimdepot.com.
NAIC confirms June data breach - Business Insurancehttps://www.businessinsurance.com/article/20260625/NEWS06/912345678/NAIC-confirms-June-data-breachPublic source from businessinsurance.com.
Security Incident Update - NAIChttps://www.naic.org/security_incident_update.htmPublic source from naic.org.
Related signals
Grouped by why the signal is relevant.
Council of Europe Suffers Data Breach, ShinyHunters Claims Exfiltration of HR and Payroll Data
The Council of Europe was reported to be a victim of a ransomware attack around June 1, 2026, with the ShinyHunters group claiming responsibility. The attackers allegedly exfiltrated 297 GB of data, including 429,000 files, comprising payslips, HR records, CVs, and financial information. Public reporting indicates a June 2026 intrusion, followed by phased disclosure and system hardening.
Beacon Mutual Insurance Co. Ransomware Attack Compromises 131,000 Rhode Islanders' Data
Beacon Mutual Insurance Co., Rhode Island's largest workers' compensation insurer, disclosed that highly sensitive personal information belonging to over 131,000 Rhode Islanders was compromised in a ransomware attack earlier in the year. An unauthorized person gained access to the company's system between January 7th and January 14th, accessing files containing names, Social Security numbers, driver's license numbers, financial account numbers, health insurance information, and/or medical treatment details.
Fluke Corporation Discloses Data Breach Affecting 18,000 Individuals; Clop Ransomware Claims Responsibility
Fluke Corporation notified over 18,000 individuals of a data breach that originally occurred in August 2025. The breach, which reportedly lasted two months, compromised highly sensitive personal information including Social Security Numbers (SSNs), birth dates, and self-identified disability status. The incident was attributed to an exploited vulnerability in a third-party application used by the company. The Clop ransomware group claimed responsibility for the breach, listing Fluke Corporation on its dark web leak site.
Tampa Bay Dental Implants & Prosthetics discloses ransomware attack and data exposure
Tampa Bay Dental discovered unauthorized access to its network on January 19, 2026, when ransomware was used to encrypt files on a legacy server containing a backup of electronic medical records. Patient data, including names, contact information, birth dates, treatment notes, clinical histories, and for some, Social Security numbers, was exposed.
Tejarat Bank Affected by Cyberattacks in Iran
Tejarat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.
Saderat Bank Affected by Cyberattacks in Iran
Saderat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.