What Happened
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post "Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack" appeared first on SecurityWeek.
Why It Matters
According to public reporting, the National Association of Insurance Commissioners (NAIC) was compromised via a zero-day vulnerability in Oracle PeopleSoft, with the ShinyHunters group claiming theft of approximately 3.1 TB of data including regulatory filings, financial information, configuration files, and logs.[1][3][6][9] NAIC states that, based on its current investigation, the stolen data consists mainly of publicly available information and non-PII technical data, although portions have been posted to leak sites.[3][6][8] From a CyberSE.AI perspective, this incident highlights fintech-sector exposure to third‑party enterprise platforms (like PeopleSoft) and the risk that configuration files, logs, and infrastructure metadata can be weaponized to target downstream analytics or AI systems used for supervision, risk modeling, or fraud detection. Organizations using financial, regulatory, or supervisory data for AI models should treat ERP platforms as critical AI supply-chain components, maintain SBOM-level visibility into these dependencies, and implement continuous patching, access hardening, and exfiltration monitoring to prevent similar compromises from cascading into AI
CyberSE Analysis
This signal maps to fintech AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://www.securityweek.com/insurance-regulators-group-naic-hit-in-oracle-peoplesoft-hack/