The National Association of Insurance Commissioners (NAIC) now says the data taken earlier this month from its information technology systems has been published online by the hackers responsible.
In a short note on it’s website, NAIC said it is “actively working with an external cybersecurity partner to compare the scope and type of data the group posted with our own analysis.”
Updates will be posted when available, the NAIC said.
According to multiple online resources, the ShinyHunters ransomware group claimed responsibility for the NAIC breach, and allegedly stole 3.1 terabytes of data.
The group said it had technology provided by the NAIC, including the System for Electronic Rate and Form Filing (SERFF), Online Premium Tax for Insurance (OPTins), Uniform Certificate Authority Application (UCAA), Enterprise Data Platform (EDP), and Regulatory Data Collection (RDC). However, outside cybersecurity experts involved in an analysis if the breach confirmed this information was not taken.
No employee data, electronic funds transfer, risk-based capital data, policyholder information, producer data, or event registration payment information was accessed, the internal investigation concluded, NAIC said.
Just days ago, NAIC said its investigation found that the group responsible gained unauthorized access to its systems via a zero-day vulnerability in Oracle PeopleSoft. NAIC, which collects and which provides data, technology, and analysis to insurance commissioners, primarily uses PeopleSoft for internal financial reporting purposes.
Related: NAIC Victim of Cyber Incident Via PeopleSoft System
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
Trump Administration Backtracks on Removing Ocean Sensors 
DeSantis Signs Citizens Commercial Clearinghouse Bill That’s Been Called ‘Unneeded’ 
Big I: Independent Agencies’ Market Share Up Slightly in 2025 
AM Best Upgrades Credit Ratings of Missouri’s Columbia 
