The National Association of Insurance Commissioners (NAIC) has confirmed it was the victim of a cyberattack, with the group ShinyHunters claiming to have stolen 3.1 terabytes of data, according to a recent report by Tech Radar.The attack exploited a zero-day vulnerability in Oracle PeopleSoft, an enterprise resource planning software. ShinyHunters began exploiting this vulnerability on May 27, compromising over 100 organizations before Oracle released an emergency update on June 10. NAIC detected the breach on June 11 and disclosed it on June 17.NAIC stated that the stolen data includes publicly available statutory financial reports, insurer investment credit rating data, and technical information like outdated logs and configuration files. They maintain that no personal or banking information was accessed. However, ShinyHunters claims the stolen cache includes insurer filings, credit rating files, AWS logs, configurations, and personally identifiable information. The group's decision to leak the data online suggests NAIC did not pay a ransom.Source: Tech Radar
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds