HQ/EMEAFind out how we can help your business
Prudential Insurance, one of the most prominent insurance companies in the United States, revealed that a cyberattack had compromised the personal data of over 36,000 individuals in February.
The company disclosed in a filing with regulators in Maine that they detected the unauthorised access on February 5, which prompted their immediate investigation into the matter.
According to the breach notification letters sent out by Prudential, the unauthorised third party managed to infiltrate their network on February 4, 2024, and extracted a small portion of personal information from their systems.
Moreover, the company confirmed that the compromised data contained the names, addresses, driver’s license numbers, or ID cards of 36,545 individuals. They have also stated that they have alerted relevant law enforcement authorities about the incident and enlisted a security provider’s assistance to help them address the situation.
Prudential Insurance refuses to give further details about the cyberattack.
As of now, Prudential Insurance has remained silent about the attack despite numerous requests for comments regarding the specific systems breached or whether it was a ransomware attack.
However, potentially affected individuals will receive two years of identity protection services as part of the company’s response plan.
In documents filed with the SEC on February 13, Prudential warned of a cybercrime group gaining access to administrative and user data from specific IT systems and a small percentage of company user accounts linked to employees and contractors.
Coincidentally, on February 16, the BlackCat ransomware group claimed responsibility for the attack on Prudential, alongside a similar assault on mortgage lender loanDepot.
This incident is one of the AlphV ransomware group’s final attacks before a law enforcement operation took down their infrastructure last year. Still, the group quickly resurfaced, continuing its malicious activities until its last significant attack, targeting Change Healthcare.
In response to the threat posed by BlackCat and similar cybercriminal organisations, the U.S. State Department announced a reward of $10M for information leading to the identification or whereabouts of individuals associated with the group.
This latest breach is not Prudential’s first encounter with cybersecurity threats. Last year, the company dealt with a more significant data breach attributed to another ransomware group that leveraged a widely used file-sharing tool. Over 320,000 individuals had their Social Security numbers and other sensitive information exposed in that incident.
Since Prudential Insurance is adamant about giving new details of the attack, potentially affected parties should be cautious in navigating their digital landscape since threat actors could use the compromised data to execute other illicit activities.
