Update – 07/01: Prudential Insurance has adjusted the number of people affected in this data breach to 2,556,210. There have been no other updates to the data breach notification letter.
Prudential Insurance has confirmed a data breach affecting more than 36,000 Prudential Insurance customers. Prudential Insurance Company of America on Friday notified the public about the security breach that lasted two days from February 4 to February 5, 2024.
The stolen data included names, addresses, and driver’s license numbers or non-driver ID card numbers. Ransomware group ALPHV/BlackCat claimed responsibility on February 16, 2024.
Prudential sent a notice to affected customers, which states, “Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems.” Prudential said attackers accessed systems containing company administrative and user data, as well as employee and contractor accounts.
Although Prudential says it secured its systems by February 5, ALPHV/BlackCat claimed to retain unauthorized access until at least February 15.
Comparitech contacted Prudential for comment, and we will update this article if it responds.
This is the second data breach reported by Prudential in the last year. On July 31, 2023, it sent data breach notices following an attack exploiting the MOVEit file transfer software, which contained a vulnerability that led to attacks against a wide range of organizations that use it. The 2023 incident exposed the Social Security numbers, phone numbers, and addresses of 320,840 people.
Thankfully, this latest breach isn’t as big and didn’t expose information that could directly lead to identity theft or fraud. Still, victims should be on the lookout for phishing emails and messages sent by scammers posing as Prudential or a related company. Never click on attachments or links in unsolicited emails. We encourage customers to take advantage of the 24 months of free identity theft and credit monitoring services offered by Prudential through Kroll.
ALPHV/BlackCat plagues the finance sector
We’ve recorded six confirmed attacks on US financial organizations so far this year, including large-scale attacks on LoanDepot and Equilend. In 2023, we saw 47 attacks on financial organizations in total, affecting more than 4.5 million records.
ALPHV/BlackCat claimed responsibility for some of the biggest of these attacks, including LoanDepot, Fidelity (1,316,938 records via LoanCare), Academy Mortgage (284,443 records), and Progressive Leasing (193,055 records).
ALPHV/BlackCat is a prolific ransomware group that has targeted high-profile organizations in multiple industries, including business services, financial services, healthcare, manufacturing, retail, critical infrastructure, and law firms. According to DarkFeed.io, it racked up 417 victims in 2023.
About Prudential Insurance Company of America
Prudential Insurance is a Fortune 500 company that provides insurance, retirement planning, investment management, and other services in more than 50 countries. It employs more than 40,000 people, serves more than 50 million customers, and has $1.4 trillion in assets under management.