NAIC Confirms Data Breach and Publication of Stolen Data by ShinyHunters

Key points

• ShinyHunters claimed responsibility for the theft of 3.1TB of data, including insurer filings, credit rating files, AWS logs, configs, and PII.
• NAIC stated that only financial reports and technical data were taken, with no personally identifiable information (PII) or payment information compromised.
• The incident was spotted on June 11, 2026, and publicly announced on June 17, 2026, with confirmation of data publication on June 26, 2026.

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

Naic

Sector: Finance and Insurance

Likely country: Location not provided

Estimated

Threat source

Hacking activity

Watch internet-facing systems, credential abuse and exploit activity.

• Source type: outside the affected organization

Business impact

Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context

74 signals with similar action pattern

• 21 signals in the same sector
• 94 signals with the same likely impact area
• 1 signal linked to this organization/domain

Mentioned entities

NaicData DisclosureShinyHunters The National Association ofInsurance CommissionersNAICOracle PeopleSoftShinyHuntersAWSPII. NAICPII

External sources

• ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft | Cybersecurity Divehttps://www.cybersecuritydive.com/news/shinyhunters-oracle-peoplesoft-vulnerability-exploitation/718890/Public source from cybersecuritydive.com.
• Security Incident Update - NAIChttps://content.naic.org/about/security-updatePublic source from content.naic.org.
• NAIC Data Breach: 3.1TB of Data Compromised - Claim Depothttps://www.claimdepot.com/data-breach/naic-2026Public source from claimdepot.com.
• NAIC confirms June data breach - Business Insurancehttps://www.businessinsurance.com/article/20260625/NEWS06/912345678/NAIC-confirms-June-data-breachPublic source from businessinsurance.com.
• Security Incident Update - NAIChttps://www.naic.org/security_incident_update.htmPublic source from naic.org.
• NAIC confirms June data breach - Business Insurancehttps://www.businessinsurance.com/naic-confirms-june-data-breach/Public source from businessinsurance.com.
• NAIC confirms data breach with ShinyHunters claiming 3.1TB of data stolen in Oracle zero-day attack | TechRadarhttps://www.techradar.com/pro/security/naic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attackPublic source from techradar.com.

Related signals

Grouped by why the signal is relevant.

Insee·Jun 26, 2026

Same sectorSame action patternSame impact area

France's National Statistics Department (Insee) Hit by Cyberattack

France's national statistics department, Insee, announced on June 26, 2026, that it was the victim of a cyberattack that led to a breach of personal data from its staff directory. The incident, detected on June 19, 2026, affected approximately 12,800 current and former staff members and individuals from Insee-related civil service corps. The exposed data included identities and professional contact details, but no sensitive information such as passwords, bank details, or social security numbers.

Riskstrategies·Jun 26, 2026

Same sectorSame action patternSame impact area

Risk Strategies Discloses Data Breach Involving Personal and Medical Information

Risk Strategies (officially RSC Insurance Brokerage Inc.), an insurance brokerage and risk management firm, disclosed a data breach on June 26, 2026. The incident involved sensitive personal and medical information, with a report submitted to the Massachusetts Office of Consumer Affairs and Business Regulation on June 23, 2026. The exposed data included names, Social Security numbers, and for some individuals, medical information, medical records, and health, dental, or vision insurance details. At least 47 Massachusetts residents were affected.

Trenitalia·Jun 26, 2026

Same sectorSame action patternSame impact area

Trenitalia Suffers Cyberattack, Customer Data Compromised

Trenitalia, the Italian state-owned railway company, notified customers on June 26, 2026, about a cyberattack that led to unauthorized access of personal data related to travel tickets. The company detected the incident through internal checks and attributed it to 'unidentified external parties.' The attack itself reportedly occurred in November 2025. Compromised data included demographic and identification details, contact information, travel specifics, and loyalty card numbers, but no payment information or account credentials were affected.

Tejaratbank·Jun 23, 2026

Same sectorSame action patternSame impact area

Tejarat Bank Affected by Cyberattacks in Iran

Tejarat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.

Bsis·Jun 23, 2026

Same sectorSame action patternSame impact area

Saderat Bank Affected by Cyberattacks in Iran

Saderat Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.

Bmi·Jun 23, 2026

Same sectorSame action patternSame impact area

Melli Bank Affected by Cyberattacks in Iran

Melli Bank was among three major Iranian banks affected by a wave of cyberattacks reported on June 23, 2026. The incident prompted a temporary nationwide suspension of card-based services to prevent unauthorized access. This follows an earlier wave of disruptions in mid-June.