CVE Tools
Back to feed
BleepingComputer ·EN-US News source

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

By Bill Toulas··2 min read
CVE Tools coverage

The NAIC says it was compromised by ShinyHunters after the threat group exploited a zero-day in an Oracle PeopleSoft server (CVE-2026-35273). According to NAIC, the attackers obtained mainly already publicly available statutory financial reports, outdated logs, and configuration information, and it reports no evidence that PII or financial data was exposed. The incident still caused disruptions for downstream partners, while ShinyHunters’ leaked-file claims differ from NAIC’s findings and NAIC states affected systems have been remediated.