HackerFeeds
All ransomware incidents
naic.org

Ransomware group shinyhunters hits NAIC.org

MEDIUM
·Business Services·US·2026-06-18

NAIC.org — a business services target operating in US has been listed by the shinyhunters ransomware group on 2026-06-18. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationNAIC.org
Threat Group
shinyhunters
SummaryOver 3.1 terabytes of National Association of Insurance Commissioners data (105,000+ files) was compromised across the INSData statistical platform, Vision credit rating feeds, SERFF, OPTINS, UCAA, EDP, RDC, and state insurance department reporting systems (NAIC, all fifty state insurance departments, and thousands of licensed insurers), including 2.1 million insurer regulatory filing PDFs, 40,000 quarterly statistical CSVs with federal EINs and company data, 45,000+ licensed rating agency files from Moody's, Fitch, S&P, Kroll, DBRS, and AM Best with CUSIP and ISIN identifiers, statutory annual and quarterly financial statements, premium and loss statistics, and HR Ratings master data. This is a final warning to reach out by 22 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 June 2026 | Warning: FINAL WARNING PAY OR LEAK
Date of Breach2026-06-18
Discovery Date2026-06-18
RegionUS
Target DomainNAIC.org
Business SectorBusiness Services
Severity
MEDIUM

Claim by shinyhunters

Over 3.1 terabytes of National Association of Insurance Commissioners data (105,000+ files) was compromised across the INSData statistical platform, Vision credit rating feeds, SERFF, OPTINS, UCAA, EDP, RDC, and state insurance department reporting systems (NAIC, all fifty state insurance departments, and thousands of licensed insurers), including 2.1 million insurer regulatory filing PDFs, 40,000 quarterly statistical CSVs with federal EINs and company data, 45,000+ licensed rating agency files from Moody's, Fitch, S&P, Kroll, DBRS, and AM Best with CUSIP and ISIN identifiers, statutory annual and quarterly financial statements, premium and loss statistics, and HR Ratings master data. This is a final warning to reach out by 22 June 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline. | Updated: 18 June 2026 | Warning: FINAL WARNING PAY OR LEAK

Posted by the shinyhunters threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

NAIC.org

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.