[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-insurance-regulators-hit-by-oracle-zero-day-31tb-claimed-stolen":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},2299,"insurance-regulators-hit-by-oracle-zero-day-31tb-claimed-stolen","Insurance Regulators Hit by Oracle Zero-Day, 3.1TB Claimed Stolen","ShinyHunters says it took 3.1TB from the NAIC by exploiting an Oracle PeopleSoft zero-day that went unpatched for two weeks.","The body that sets insurance rules for US regulators got breached, and a ransomware gang is now leaking what it took.\n\nThe National Association of Insurance Commissioners confirmed attackers exploited a zero-day vulnerability in Oracle PeopleSoft, an enterprise software suite used to manage finances and operations. ShinyHunters, the group claiming responsibility, says it walked away with 3.1TB of data — including insurer regulatory filings, credit rating files, AWS infrastructure logs, cloud configuration files, and records containing personally identifiable information. NAIC's own account is narrower: it says the stolen material consists of publicly available statutory financial reports, insurer investment data, and some outdated technical files, with no evidence that personal, banking, or payment data was accessed. The attack was detected June 11; NAIC disclosed it June 17.\n\nThe gap between what NAIC admits and what ShinyHunters claims matters because NAIC sits at the center of US insurance regulation — its systems receive sensitive filings from insurers across all 50 states. A breach here is not just one company's problem; it touches the confidentiality of the entire regulatory pipeline. The fact that files appear to have been leaked publicly suggests NAIC declined to pay, which typically triggers full data release.\n\nThe broader context is worse than one breach. According to Google Mandiant, ShinyHunters began exploiting this same Oracle PeopleSoft zero-day on May 27 and hit more than 100 organizations and 300 individuals before Oracle shipped an emergency patch on June 10 — a two-week window of open exploitation. NAIC is one named victim in what looks like a mass-compromise campaign, which raises a simple question: how many of the other 100-plus organizations haven't disclosed yet?","[\"security\",\"data-breach\",\"ransomware\",\"oracle\"]","2026-06-26T18:00:00.000Z","2026-06-26T18:36:08.439Z","2026-06-27T15:37:44.492Z","published",null,[],"security",[24,26,27,28],"data-breach","ransomware","oracle",[30],{"name":31,"url":32},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fnaic-confirms-data-breach-with-shinyhunters-claiming-3-1tb-of-data-stolen-in-oracle-zero-day-attack",0,{"sections":35},[36,41,45,50,55,60,65,70,75,80,85,89,94,99],{"name":37,"slug":38,"count":39,"latest_published_at":40},"AI","ai",2590,"2026-07-16T04:00:00.000Z",{"name":42,"slug":24,"count":43,"latest_published_at":44},"Security",294,"2026-07-15T19:59:48.000Z",{"name":46,"slug":47,"count":48,"latest_published_at":49},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":51,"slug":52,"count":53,"latest_published_at":54},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":56,"slug":57,"count":58,"latest_published_at":59},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":61,"slug":62,"count":63,"latest_published_at":64},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":66,"slug":67,"count":68,"latest_published_at":69},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":71,"slug":72,"count":73,"latest_published_at":74},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":76,"slug":77,"count":78,"latest_published_at":79},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":81,"slug":82,"count":83,"latest_published_at":84},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":86,"slug":87,"count":83,"latest_published_at":88},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":90,"slug":91,"count":92,"latest_published_at":93},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":95,"slug":96,"count":97,"latest_published_at":98},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":100,"slug":101,"count":102,"latest_published_at":103},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]