NAIC says ShinyHunters accessed its systems through an Oracle PeopleSoft zero-day, but the stolen data was limited to publicly available reports, outdated logs, and configuration files. The organization says no PII or financial data was exposed, and it has remediated affected systems after the extortion attempt and leak. #ShinyHunters #NAIC #OraclePeopleSoft #CVE-2026-35273
Keypoints
- NAIC confirmed unauthorized access to its PeopleSoft environment.
- The attackers exploited an Oracle PeopleSoft zero-day vulnerability.
- NAIC says only public reports, logs, and configuration files were taken.
- The organization found no evidence of exposed PII or financial data.
- ShinyHunters claimed 3.1 TB of data and targeted more than 100 organizations.