BleepingComputer ·EN-US News source
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
CVE Tools coverage
The NAIC says it was compromised by ShinyHunters after the threat group exploited a zero-day in an Oracle PeopleSoft server (CVE-2026-35273). According to NAIC, the attackers obtained mainly already publicly available statutory financial reports, outdated logs, and configuration information, and it reports no evidence that PII or financial data was exposed. The incident still caused disruptions for downstream partners, while ShinyHunters’ leaked-file claims differ from NAIC’s findings and NAIC states affected systems have been remediated.