Prudential Financial, a leading global financial services firm, has announced that a February data breach has impacted over 2.5 million people. The revelation came to light through a filing with the U.S. Securities and Exchange Commission, indicating the severity and scale of the incident.
The breach was initially detected on February 5, just a day after cybercriminals infiltrated Prudential’s systems, gaining access to sensitive administrative and user data, as well as employee and contractor accounts.
Initially, the company disclosed to the Maine Attorney General’s Office in March that personal information, including names, driver’s license numbers, and non-driver identification card numbers of over 36,000 individuals, had been compromised.
Prudential’s statement detailed that the unauthorized access occurred on February 4, and that only a small percentage of personal information was exfiltrated. In response, Prudential collaborated with leading cybersecurity experts to ensure that the breach was contained and that the perpetrators no longer had access to their systems.
Despite these efforts, a recent update to the Maine Attorney General’s Office disclosed that the breach’s impact was far more extensive than originally reported, affecting 2,556,210 individuals.
Breach claimed by ALPHV
The ALPHV/Blackcat ransomware group, notorious for its cyber attacks, claimed responsibility for the breach on February 13. This group has a history of high-profile attacks, including an incident where they stole a $22 million ransom from an affiliate involved in a separate breach of Change Healthcare.
The FBI has linked ALPHV to over 60 global breaches in its first four months of activity, amassing at least $300 million from over 1,000 victims by September 2023.
Prudential, the second-largest life insurance company in the United States, employs around 40,000 individuals globally and reported revenues exceeding $50 billion in 2023.
This breach is not an isolated incident for the company; in May 2023, the personal information of an additional 320,000 Prudential customers was exposed following a hack of the MOVEit Transfer file-sharing platform, used by a third-party vendor, Pension Benefit Information (PBI).
A Prudential spokesperson has not yet responded to requests for more details regarding the breach. The company continues to work diligently with cybersecurity experts to prevent future incidents and protect its customers’ data.
This breach underscores the increasing sophistication of cyber threats and the need for robust cybersecurity measures in protecting sensitive information.