NAIC criticized over network flaws and communication after cyberattack - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Top Stories
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Top Stories
Top Stories RSS Get our newsletter
Order Prints
June 26, 2026 Top Stories
Share
Share
Post
Email

NAIC criticized over network flaws and communication after cyberattack

Image shows the NAIC logo
The NAIC is trying to get to the bottom of a cyberbreach that took place earlier this month. (This image was created with AI)
By John Hilton

The National Association of Insurance Commissioners is struggling to contain the fallout from a June 11 cyber breach that potentially exposed sensitive regulatory filings, as well as data from credit rating agencies.

In an update on Thursday, the NAIC confirmed that “data taken from our environment during the security incident was published online by the group responsible.

“We are actively working with an external cybersecurity partner to compare the scope and type of data the group posted with our own analysis,” the note read. “Updates will be posted here as they are available.”

NAIC officials did not provide any additional details or comment.

Meanwhile, industry trade groups say their members are frustrated. In a letter last week to the NAIC, the National Association of Mutual Insurance Companies criticized both the security and a lack of communication.

“It appears evident that the NAIC has not implemented proper cyber guardrails, including practices like segmenting sensitive information systems from one another,” wrote Erin Collins, senior vice president for state and policy affairs at NAMIC.

“NAMIC is also troubled with the lack of communication by the NAIC on this event. The NAIC did not seem to provide any type of directed alert other than what was posted on the NAIC website, did so nearly one full week after identifying the event.”

The NAIC subsequently provided more information this week.

Contacted by InsuranceNewsNet, the American Council of Life Insurers responded with a statement from Jillian Froment, executive vice president and general counsel.

“ACLI is working closely with the NAIC to ensure our members receive clear, timely information about this incident and any next steps. We appreciate the NAIC’s engagement to date and will continue coordinating with them as their review progresses.”

Attackers missed key systems

The NAIC said attackers exploited a zero-day vulnerability in its Oracle PeopleSoft systems. The extortion group ShinyHunters claimed responsibility for the breach.

Despite claims by the hackers, the NAIC confirmed in a Tuesday update that the following systems were not breached: the System for Electronic Rate and Form Filing (SERFF), Online Premium Tax for Insurance (OPTins), Uniform Certificate Authority Application (UCAA), Enterprise Data Platform (EDP), Regulatory Data Collection (RDC), NIPR, Teammate, State Based Systems (SBS), employee personal data, electronic funds transfer, risk-based capital data, policyholder information, producer data, and event registration payment information.

Data that was accessed or acquired included: Publicly available statutory financial reporting information.

“These statements were publicly available prior to this incident through state websites, InsData, or resellers,” the NAIC update noted.

Also, credit rating agency data, including rating determinations of insurer investments, was accessed. This does not include any rating agency investment rationale reports, the NAIC said.

No payment, banking or credit card information was accessed, the NAIC added.

'Failures' questioned by think tank

The Pinpoint Policy Institute, a conservative think tank, ripped the NAIC for waiting nearly a week to publicly disclose the cyber breach, as well as its handling of it. PPI is opposed to further regulation, in particular, the NAIC discussions to increase its oversight of rating agencies.

The NAIC is a 501(c)(3) nonprofit entity that does not file Form 990 disclosures “like virtually every other nonprofit in America,” PPI noted in a Thursday commentary. The organization also “circumvents” any formal Administrative Procedures Act notice and comment process.

“Taken together, these failures call into question everything NAIC is currently pursuing,” reads the PPI commentary, which has no byline. “An organization this unaccountable should not be expanding its regulatory footprint.

“The NAIC should pause all policy development until elected officials, who are accountable to the public, can get a full grasp of the NAIC’s unaccountable and potentially collusive behavior.”

In its letter from Adam Shores, senior vice president for state government relations, the American Property Casualty Insurance Association struck a conciliatory tone. But its members still want information on the breach, Shores wrote.

“APCIA is hearing directly from member companies that are seeking clear, timely, and authoritative information regarding the scope of this incident and its potential implications,” he wrote.

© Entire contents copyright 2026 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

No image

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]. Follow him on Twitter @INNJohnH.

Older

How executive benefits impact an estate plan

Newer

State Farm’s agency overhaul: What distribution can learn

Advisor News

  • Demonstrating the value of life insurance to Gen Z
  • Poor money habits are a dealbreaker in a new relationship
  • DC plan sponsors see opportunity in alternatives
  • The American Dream: Redefined as financial stability
  • Partial annuitization: How advisors can help clients balance income, growth
More Advisor News

Annuity News

  • CA judge certifies class action in teachers’ lawsuit over in-plan annuity fees
  • Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
  • AM Best Managing Director Joins ‘Target Topics’ Podcast to Discuss State of Delegated Underwriting Authority Enterprises Market
  • KBRA Assigns Rating to TruSpire Retirement Insurance Company
  • Partial annuitization: How advisors can help clients balance income, growth
More Annuity News

Health/Employee Benefits News

  • OCWNY to hold seminar for disability beneficiaries Friday
  • Atrium pushes back after State Health Plan leaves healthcare network out of Tier 1
  • Douglas Veterans Claims Clinic Connects Rural Veterans With Critical Services
  • Atrium pushes back after State Health Plan leaves healthcare network out of Tier 1
  • Connecticut health insurance exchange shifts enrollment dates after federal changes
More Health/Employee Benefits News

Life Insurance News

  • Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
  • AM Best Upgrades Credit Ratings of Sagicor Financial Company Ltd. and Most of Its Subsidiaries
  • Trust, technology and the future of claims
  • New York Life Launches an Indemnity Benefit for its Asset Flex Long-Term Care Insurance Solution
  • AM Best Affirms Credit Ratings of DB Insurance Co., Ltd.
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet