Cyber Insurance Market Rattled by 3.1TB NAIC Data Leak

ShinyHunters Dumps 3.1TB of NAIC Data, Disrupting U.S. Insurer Capital Ratings and Cyber Coverage 

WASHINGTON, United States — June 29, 2026 — The U.S. cyber insurance sector faces fresh systemic-risk concerns after cybercriminal group ShinyHunters published 3.1 terabytes of data it claims was stolen from the National Association of Insurance Commissioners (NAIC), prompting the regulator to halt data sharing and suspend assigning investment risk designations. The development matters because the NAIC sits at the center of U.S. insurance regulation, connecting all 50 state departments and holding filings from thousands of insurers. 

Main Development 

The NAIC confirmed for the first time that data taken in a June breach had been published online by the group responsible, with Google's Mandiant unit confirming attribution to ShinyHunters. The breach traces to unauthorized access to the NAIC's Oracle PeopleSoft systems, identified on June 11 and confirmed publicly on June 17, after which the FBI and outside cybersecurity experts were engaged. The NAIC did not pay the demanded ransom. 

The amended dataset reportedly contains more than 264,000 insurer regulatory filing PDFs spanning property, casualty, health and life insurance between 2017 and 2024, along with roughly 45,000 files from credit rating agencies. The NAIC disputes portions of the claim, stating no personally identifiable information, payment data, producer data or policyholder information was taken and that core systems were not compromised. 

Most consequentially, credit rating agencies paused their data feeds to the NAIC after the breach, and the regulator temporarily suspended assigning its own investment designations to insurer portfolios. These designations determine how much capital U.S. life insurers must hold against investment holdings, leaving the framework that governs portfolio classification in limbo. 

Key Highlights: 

• ShinyHunters published 3.1TB of allegedly stolen NAIC data on its dark web leak site after the regulator declined to pay. 

• The breach stemmed from an Oracle PeopleSoft zero-day exploited for 14 days before a June 10 patch, also affecting Amazon One Medical, the Council of Europe, Kodak and DentaQuest. 

• The NAIC suspended assigning investment designations central to U.S. insurer capital rules after rating agencies paused data feeds. 

• Data-theft-only extortion attacks rose from 49% of claims in H1 2025 to 65% in H2 2025, with FBI data showing U.S. cyber losses near $21 billion in 2025. 

Analyst Insight: 

NMSC analysts note that the incident underscores how systemic, supply-chain-driven breaches — rather than isolated ransomware events — are increasingly shaping cyber insurance underwriting and aggregation-risk modeling. According to analysts at Next Move Strategy Consulting, regulator-level exposures that circulate across the entire insurance ecosystem reinforce why insurers are sharpening governance requirements, tightening exclusions, and scrutinizing third-party technology dependencies. 

Industry Outlook: 

The NAIC episode is likely to accelerate insurer focus on production-infrastructure exposure, credentials hygiene and third-party dependency mapping as underwriting criteria. With credit rating data feeds suspended and the FBI investigation ongoing, regulators and carriers face near-term uncertainty over capital classification and downstream coverage implications, reinforcing the shift toward insurers acting as active risk partners rather than financial backstops. 

Source: Insurance Business 

Prepared By: Sanyukta Deb

For More Information – Download FREE Sample on XYZ Market Report