NAIC.org in the US reports more than 3.1TB of data across its INSData statistical platform, Vision credit rating feeds, SERFF, OPTINS, UCAA, EDP, RDC, and state insurance department reporting systems, including 105,000+ files (2.1M insurer regulatory filing PDFs and 40,000 quarterly statistical CSVs with federal EINs), were compromised by the threat actor shinyhunters. The claim is a final warning to contact the attackers by 22 June 2026 to avoid data leakage and related digital disruptions. #UnitedStates
Incident Details
- Victim: NAIC.org
- Sector: Business Services
- Country: US
- Actor: shinyhunters
- Source:
- Discovered: 2026-06-18T04:25:34.083874+00:00
- Published: 2026-06-18T04:25:32.563150+00:00
Information
- Over 3.1 terabytes of National Association of Insurance Commissioners data, spanning more than 105,000 files, was compromised across multiple insurance-related systems.
- The exposed material included 2.1 million insurer regulatory filing PDFs and 40,000 quarterly statistical CSV files containing federal EINs and company data.
- More than 45,000 licensed rating agency files were also taken, including records from Moody’s, Fitch, S&P, Kroll, DBRS, and AM Best with CUSIP and ISIN identifiers.
- The leak also covered statutory annual and quarterly financial statements, premium and loss statistics, and HR Ratings master data.
- The affected data touched NAIC, all fifty state insurance departments, and thousands of licensed insurers.
- A final warning was issued to make contact by 22 June 2026 before the data is leaked, with the threat of additional disruptive digital problems.
- Updated: 18 June 2026.
- Warning: FINAL WARNING PAY OR LEAK.
Disclaimer: This post is based on public claims made by the ransomware group "shinyhunters". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.