NAIC Confirms Data Breach After 3.1TB Data Dump — Here’s What Happened

NAIC Confirms Data Breach After 3.1TB Data Dump — Here’s What Happened

NAIC confirmed a data breach after stolen data was posted online by ShinyHunters. Here’s what happened, what was shared, and why insurance-related data can still matter to you right now.

What Happened?

According to Cybernews, the National Association of Insurance Commissioners — also called NAIC — confirmed that data was stolen during a recent Oracle PeopleSoft attack.

NAIC said it first found the security incident on June 11, 2026. The organization first reported the breach on June 17.

On June 26, NAIC said the stolen data had been published online by the group responsible for the attack.

The hacker group ShinyHunters posted a 3.1TB data set that it said was tied to NAIC systems. NAIC said its operations have returned to normal, with some limited exceptions.

NAIC is not an insurance company. It supports insurance regulators across the United States and helps collect and manage insurance industry data.

Who Was Affected and What Data Was Leaked?

NAIC said no personally identifiable information was accessed. Personally identifiable information means details that can identify a person, such as a Social Security number or home address.

NAIC also said no payment information was accessed. That includes credit card details and banking information.

The organization said state insurance departments’ systems were not affected. It also said several major NAIC systems were not affected, including SERFF, OPTins, UCAA, EDP, and RDC.

NAIC also said employee personal data, policyholder information, producer data, and event registration payment information were not accessed.

However, ShinyHunters said the posted data included a much wider set of files. NAIC has not confirmed every item in the group’s list.

According to Cybernews, the group said the data included:

  • More than 264,000 insurer regulatory filing PDF files
  • Insurer financial statements
  • Customer and bulk order records with names and email addresses
  • Payment transaction identifiers
  • Files connected to major credit rating agencies
  • Cloud infrastructure logs and configuration files
  • SQL scripts, which are files used to manage databases
  • Stored credentials tied to production systems

Some insurance filings may already be available through regulatory channels. But technical files can still create risk.

Cloud logs, configuration files, and stored credentials can help criminals understand how a system is built. That can make future attacks easier.

This matters because leaked information can cause problems long after the first headline disappears.

Even if your personal data was not part of this breach, your information may have been leaked somewhere else. Scammers often use leaked names, emails, passwords, or personal details to make fake messages look real.

If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier. 

Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.

Keep your personal information scam-proof

Futureproof keeps your data safer with simple guidance to set a strong password, turn on 2-step verification, and lock down your account.

Check my safety

How the Oracle PeopleSoft Attack Happened

The breach was linked to a zero-day vulnerability in Oracle PeopleSoft.

A zero-day vulnerability is a software flaw that criminals use before many people know how to fix it.

PeopleSoft is business software that helps organizations manage internal work, such as finance, reporting, and employee systems.

NAIC said it used PeopleSoft mainly for internal financial reporting.

According to the source, the wider ShinyHunters campaign ran from May 27 until Oracle released an emergency patch on June 10.

A patch is a software update that fixes a security problem.

Google Mandiant said the campaign affected more than 100 organizations and 300 individual software instances.