Oracle, Kroll Bond Rating Agency and Fitch Ratings: Insurance body confirms hackers posted Oracle PeopleSoft breach data

Oracle, Kroll Bond Rating Agency and Fitch Ratings: Insurance body confirms hackers posted Oracle PeopleSoft breach data

NAIC Confirms Data Breach Linked to Oracle PeopleSoft Zero-Day Exploit

The National Association of Insurance Commissioners (NAIC) confirmed that threat actors exploited a critical zero-day vulnerability in Oracle PeopleSoft’s Environment Management component, exposing financial and ratings data tied to insurer investments. The breach occurred between May 27 and June 9, with stolen data later posted on a leak site.

While some of the compromised information was already publicly accessible through state insurance sites or resellers, the incident impacted sensitive regulatory data used by U.S. insurance regulators. Fitch Ratings acknowledged that data it submitted to NAIC was affected but stated its own systems remained secure. Mandiant, Google Cloud’s incident response team, notified over 100 organizations primarily educational institutions about potential exposure.

Oracle issued an advisory earlier this month addressing the remote code execution flaw in certain versions of PeopleSoft PeopleTools. NAIC clarified that no financial account data or personally identifiable information (PII) was compromised, and its regulatory filing systems remain secure. However, some ratings agencies, including Kroll Bond Rating Agency, have temporarily paused data feeds to NAIC as a precaution.

The breach underscores the risks of unpatched enterprise software, particularly in sectors handling critical regulatory data. The incident follows broader warnings about cyber threats targeting supply chains and high-profile events, though this attack appears focused on exploiting a specific software vulnerability.

Source: https://www.cybersecuritydive.com/news/insurance-body-hackers-oracle-peoplesoft-breach-data/823978/

KBRA cybersecurity rating report: https://www.rankiteo.com/company/kroll-bond-rating-agency-llc

Oracle RMS Insurance Risk Management Services Inc. cybersecurity rating report: https://www.rankiteo.com/company/oracle-rms-insurance-risk-management-services-inc

Fitch Ratings cybersecurity rating report: https://www.rankiteo.com/company/fitch-ratings

"id": "KROORAFIT1782750719",
"linkid": "kroll-bond-rating-agency-llc, oracle-rms-insurance-risk-management-services-inc, fitch-ratings",
"type": "Vulnerability",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'U.S. insurance regulators, '
                                              'ratings agencies, and over 100 '
                                              'organizations (primarily '
                                              'educational institutions)',
                        'industry': 'Insurance Regulation',
                        'location': 'United States',
                        'name': 'National Association of Insurance '
                                'Commissioners (NAIC)',
                        'type': 'Regulatory Organization'},
                       {'industry': 'Financial Services',
                        'location': 'United States',
                        'name': 'Fitch Ratings',
                        'type': 'Ratings Agency'},
                       {'industry': 'Financial Services',
                        'location': 'United States',
                        'name': 'Kroll Bond Rating Agency',
                        'type': 'Ratings Agency'}],
 'attack_vector': 'Zero-day vulnerability exploitation',
 'data_breach': {'data_exfiltration': 'Yes (posted on a leak site)',
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'High (regulatory data)',
                 'type_of_data_compromised': 'Financial and ratings data, '
                                             'regulatory data'},
 'date_detected': '2024-06-09',
 'description': 'The National Association of Insurance Commissioners (NAIC) '
                'confirmed that threat actors exploited a critical zero-day '
                'vulnerability in Oracle PeopleSoft’s Environment Management '
                'component, exposing financial and ratings data tied to '
                'insurer investments. The breach occurred between May 27 and '
                'June 9, with stolen data later posted on a leak site. While '
                'some of the compromised information was already publicly '
                'accessible through state insurance sites or resellers, the '
                'incident impacted sensitive regulatory data used by U.S. '
                'insurance regulators.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Financial and ratings data tied to insurer '
                                'investments',
            'identity_theft_risk': 'No (no PII compromised)',
            'operational_impact': 'Temporary pause in data feeds to NAIC by '
                                  'ratings agencies',
            'payment_information_risk': 'No',
            'systems_affected': 'Oracle PeopleSoft Environment Management '
                                'component'},
 'initial_access_broker': {'entry_point': 'Oracle PeopleSoft zero-day '
                                          'vulnerability',
                           'high_value_targets': 'Regulatory and financial '
                                                 'data'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Risks of unpatched enterprise software, particularly in '
                    'sectors handling critical regulatory data',
 'motivation': 'Data exfiltration',
 'post_incident_analysis': {'root_causes': 'Unpatched zero-day vulnerability '
                                           'in Oracle PeopleSoft'},
 'recommendations': 'Patch management for critical software, enhanced '
                    'monitoring for supply chain threats',
 'references': [{'source': 'Oracle Advisory'}],
 'response': {'third_party_assistance': 'Mandiant (Google Cloud’s incident '
                                        'response team)'},
 'stakeholder_advisories': 'Over 100 organizations notified by Mandiant',
 'title': 'NAIC Data Breach Linked to Oracle PeopleSoft Zero-Day Exploit',
 'type': 'Data Breach',
 'vulnerability_exploited': 'CVE-2024-XXXX (Oracle PeopleSoft Environment '
                            'Management remote code execution flaw)'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.