HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Zero‑Day PeopleSoft Exploit Exposes NAIC Data and Credentials

The National Association of Insurance Commissioners (NAIC) confirmed that ShinyHunters leveraged a zero‑day (CVE‑2026‑35273) in Oracle PeopleSoft to steal publicly available reports, logs, configuration files and stored credentials. The incident underscores the need for robust vendor‑risk controls and continuous audit evidence in SOC 2 programs.

LiveThreat™ Intelligence · 📅 June 30, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
1 recommended
📰
Source
bleepingcomputer.com

Zero‑Day Exploit of Oracle PeopleSoft Leads to Data Theft at NAIC

What Happened — ShinyHunters leveraged a zero‑day vulnerability (CVE‑2026‑35273) in Oracle PeopleSoft to gain unauthorized access to the National Association of Insurance Commissioners (NAIC) environment. The group exfiltrated publicly available statutory reports, outdated logs, configuration files and stored credentials before leaking the data when a ransom was refused.

Why It Matters for Compliance & Audit Readiness

  • SOC 2 vendor‑management criteria (CC6.1, CC6.2) require continuous monitoring of third‑party software patches; a zero‑day bypass demonstrates the risk of gaps in that process.
  • Auditable evidence of vendor‑risk assessments and remediation actions is essential to prove due‑diligence during an audit.
  • The incident shows how configuration and credential exposure can trigger service disruptions, reinforcing the need for documented control testing and evidence collection.

Who Is Affected — Insurance regulators, insurers, and any organization running Oracle PeopleSoft or similar ERP platforms.

Recommended Actions — Map PeopleSoft to your vendor‑risk register, verify that the CVE‑2026‑35273 patch is applied, collect remediation evidence for SOC 2 audits, and implement continuous monitoring of vendor security advisories. Source: BleepingComputer

Technical Notes — Attack vector: exploitation of CVE‑2026‑35273 (zero‑day) in Oracle PeopleSoft. Stolen data: public statutory PDFs, legacy logs, AWS configuration files, and stored credentials for SERFF, OPTins, and UCAA production environments. Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/security/naic-says-public-data-stolen-in-shinyhunters-peoplesoft-breach/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

This is the scenario continuous vendor monitoring is built to catch.

When a vendor is compromised, your SOC 2 vendor-management controls are what produce the audit trail showing you knew, assessed, and acted. The Verisq AI Trust Operations platform tracks that continuously.

Explore the Verisq AI Trust Operations platform →