ShinyHunters has expanded its ongoing extortion campaign with three new alleged victims, threatening to publish data belonging to ICSecurity, Amazon-owned One Medical, and the National Association of Insurance Commissioners (NAIC) unless contact is established before a June 22 deadline.
The new listings appeared on the group’s leak site on June 18 and June 19 and follow a broader campaign that has recently targeted organizations across government, healthcare, retail, education, financial services, and technology sectors.
As previously reported by BreachNews, ShinyHunters threatened the Council of Europe, American Tower, JCPenney, Ralph Lauren, Nexstar, and Madison Square Garden Sports with leak deadlines earlier this month. The group has since claimed to have followed through on those threats, including the publication of an alleged Council of Europe dataset containing HR and payroll records. Readers can review BreachNews’ latest coverage here: ShinyHunters Publishes Alleged Council of Europe HR and Payroll Dataset After Leak Deadline Expires.
BreachNews has not independently verified any of the new claims or confirmed that the named organizations experienced security incidents.
ICSecurity allegedly exposed in latest listing
The newest entry targets ICSecurity, with ShinyHunters claiming to have compromised more than 2.7 million records along with additional internal corporate information.
The threat actor did not provide a detailed breakdown of the allegedly stolen data in the public listing. However, the post includes the group’s standard warning demanding contact before June 22 and threatening publication if negotiations do not occur.
At this stage, BreachNews has not independently verified the claim or identified any public statement from ICSecurity addressing the allegations.
One Medical allegedly faces largest claimed dataset
Another new listing targets One Medical, the Amazon-owned healthcare provider operating across the United States.
According to the leak site entry, ShinyHunters claims to possess more than 8.8 TB of data allegedly obtained from the organization.
The threat actor did not publicly disclose detailed descriptions of the purported contents in the listing. However, the volume claimed would represent one of the largest datasets attributed to the group’s current campaign if authentic.
Because One Medical maintains healthcare-related information, any confirmed compromise could raise concerns regarding patient privacy and regulatory compliance. At present, there is no public evidence confirming the claim.
NAIC listing alleges compromise of insurance industry platforms
The National Association of Insurance Commissioners was also added to the leak site with claims of a 3.1 TB data theft affecting more than 105,000 files.
According to the listing, the allegedly compromised data spans multiple insurance industry platforms and reporting systems, including INSData, Vision, SERFF, OPTINS, UCAA, EDP, RDC, and regulatory reporting environments used by state insurance departments and licensed insurers.
The threat actor claims the dataset contains millions of insurer filing documents, financial statements, quarterly reports, statistical data, rating agency files, and related insurance industry records.
If authentic, the alleged compromise could affect a broad range of insurers, regulators, and industry stakeholders that rely on NAIC-operated systems and reporting platforms.
Campaign continues to grow
The latest additions further expand what has become one of the most aggressive extortion campaigns currently attributed to ShinyHunters.
The threat actor has repeatedly used leak deadlines and public pressure tactics to force organizations into negotiations before releasing allegedly stolen data.
At the time of publication, BreachNews had not identified public statements addressing the allegations from ICSecurity, One Medical, or NAIC.
BreachNews will update this story if any of the organizations confirm an incident or if the threatened June 22 deadline results in the publication of data.
