Insurance Group Says Only Public Data Stolen in Recent Breach
The National Association of Insurance Commissioners reports that attackers accessed public information and old system files, not sensitive personal data.
Source
BleepingComputer
Original headline: NAIC says public data stolen in ShinyHunters' PeopleSoft breach
Plain-English summary by GetCyberRight. Read the full report at the source above.
The National Association of Insurance Commissioners has announced that a group calling itself ShinyHunters breached its computer systems by exploiting a security flaw in Oracle PeopleSoft software. According to the organization, the attackers only stole publicly available data, outdated system logs, and configuration files. The breach happened when attackers found and used a previously unknown vulnerability, called a zero-day (a newly discovered software flaw with no fix yet) flaw, in the software.
If you have insurance or work in the insurance industry, you may wonder if your personal information was affected. The NAIC states that the stolen data was already publicly available and did not include sensitive personal information. However, it is always wise to stay alert after any breach announcement involving an organization that might have your information.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Even though the NAIC says sensitive data was not stolen, you should still take these precautions:
- Watch your insurance accounts and statements for any unusual activity or changes you did not authorize.
- Be extra cautious about emails or phone calls claiming to be from insurance companies, especially if they ask for personal information or payment.
- If you work in the insurance industry and use systems connected to NAIC, check with your employer about whether you need to change any passwords or take additional security steps. To protect yourself after any data breach announcement, remember that scammers often use news of breaches to trick people. They may send fake emails pretending to be from the affected organization, asking you to click links or provide information. Always go directly to a company's official website by typing the address yourself rather than clicking email links. Keep your computer and phone software updated, as these updates often include security fixes. Consider using two-factor authentication on all important accounts, which adds an extra layer of protection even if someone gets your password.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
Law Firm Data Breach: What to Do If Your Attorney's Files Were Exposed
Fox Rothschild, a major law firm, suffered a data breach that may have exposed client files and sensitive legal documents.
2 min readMajor Law Firm Suffers Data Breach: What to Know if You're a Client
Fox Rothschild, a top 100 law firm, experienced a data breach by a group that targets legal practices. Client information may have been exposed in the attack.
2 min readInsurance Organization Says Only Public Data Stolen in Recent Breach
The National Association of Insurance Commissioners was hacked through a security flaw. The organization says only publicly available information was taken, not private consumer data.
2 min read
What the MOVEit Data Breach Court Case Means for Your Information
A federal court is allowing families affected by the MOVEit breach to continue their lawsuit against the companies involved.
2 min read