�鶹ԭ��

We previously advised that the �鶹ԭ�� identified unauthorized access to our PeopleSoft system by an unknown third party. This update shares what we have since learned.

We are now aware that the individual or group responsible for this incident has publicly claimed to have obtained �鶹ԭ�� data. At this time, we have no confirmation that data from our environment has been published or released. We understand this is concerning, and we want to keep you informed about what we know, what we are still determining, and the steps we are taking. Based on public reporting, this appears to be part of a broader campaign affecting many organizations that use this software.

Our investigation, conducted with outside cybersecurity experts and in coordination with law enforcement, remains ongoing. At this stage, we are continuing to assess whether any data was accessed or acquired, and, if so, what information and whose information may be involved. Because this review is ongoing, some details may change as we learn more, and we will update this page accordingly.

This development does not change our commitment to the people and organizations we serve. If we determine that your personal information is involved, we will notify you directly as required and as appropriate, and we will provide guidance on steps you can take to protect yourself.

If you receive a suspicious communication claiming to come from the �鶹ԭ��, do not respond or click any links, preserve the message and report it to cyberincident@naic.org.

We recognize the seriousness of this event and the trust placed in the �鶹ԭ�� and the state-based insurance regulatory system. We are continuing to strengthen our defenses, and we are committed to transparency as our investigation proceeds.

The �鶹ԭ�� identified, on or about June 11, unauthorized access to our PeopleSoft systems. After detecting the incident, we promptly activated our incident response procedures and took steps to contain the situation. We are working diligently to investigate and will provide relevant updates as appropriate.  

We are committed to maintaining the integrity of the state-based insurance system and protecting our members' information. 

While these types of situations have become all-too common, we recognize the significance of this event and have taken prompt and appropriate steps to address it.

We are conducting a thorough investigation to determine what information may have been affected. Based on what we know at this stage, we are not able to confirm the full scope, and we will update this page as our understanding develops. If we determine that personal information has been affected, we will notify those individuals as required and as appropriate. 

We will provide updates here as they are available, as well as share plans for notifying impacted parties as we confirm any additional information about this incident.

�󴡲ϲ� 

1. What happened? What has been impacted? 

We are aware of an incident in which an unauthorized third party gained access to a portion of our IT systems. The investigation is ongoing, and we are actively working with leading cybersecurity experts to assess the situation. We do not have additional information to share at this time.

2. How did this happen? What security measures does �鶹ԭ�� have in place to prevent this type of event? 

We are actively working with leading cybersecurity experts to investigate the matter. We do not have additional information to share at this time.

3. Where are you in the investigation? When will it be completed? 

We are actively working with leading cybersecurity experts to assess the situation. These investigations are complex and take time.

4. When will the investigation be completed? When will you provide additional information or updates? 

This is a top priority for us and something we take extremely seriously. We have a dedicated internal team focused on this matter, supported by leading cybersecurity experts. These investigations are complex and take time, though we are working with urgency. We will provide relevant updates as appropriate. 

5. Do you have insurance to cover potential expenses related to this matter? How much? 

We have been in contact with our cyber insurance carrier.