The NAIC identified, on or about June 11, unauthorized access to our PeopleSoft systems. After detecting the incident, we promptly activated our incident response procedures and took steps to contain the situation. We are working diligently to investigate and will provide relevant updates as appropriate.  

We are committed to maintaining the integrity of the state-based insurance system and protecting our members' information. 

While these types of situations have become all-too common, we recognize the significance of this event and have taken prompt and appropriate steps to address it.

We are conducting a thorough investigation to determine what information may have been affected. Based on what we know at this stage, we are not able to confirm the full scope, and we will update this page as our understanding develops. If we determine that personal information has been affected, we will notify those individuals as required and as appropriate. 

We will provide updates here as they are available, as well as share plans for notifying impacted parties as we confirm any additional information about this incident.

FAQs 

1. What happened? What has been impacted? 

We are aware of an incident in which an unauthorized third party gained access to a portion of our IT systems. The investigation is ongoing, and we are actively working with leading cybersecurity experts to assess the situation. We do not have additional information to share at this time.

2. How did this happen? What security measures does NAIC have in place to prevent this type of event? 

We are actively working with leading cybersecurity experts to investigate the matter. We do not have additional information to share at this time.

3. Where are you in the investigation? When will it be completed? 

We are actively working with leading cybersecurity experts to assess the situation. These investigations are complex and take time.

4. When will the investigation be completed? When will you provide additional information or updates? 

This is a top priority for us and something we take extremely seriously. We have a dedicated internal team focused on this matter, supported by leading cybersecurity experts. These investigations are complex and take time, though we are working with urgency. We will provide relevant updates as appropriate. 

5. Do you have insurance to cover potential expenses related to this matter? How much? 

We have been in contact with our cyber insurance carrier.