Get updates delivered to you daily. Free and customizable.
ITPro
Prudential said 36,000 people were affected in a February data breach – it just revised that number to 2.5 million
By Solomon Klappholz,
19 hours ago
Prudential Financial , a major US insurance firm, has revised a breach notice for a cyber attack that hit the company in February 2024, now stating that over 2.5 million individuals had their data stolen.
The company’s initial filing to the Attorney General’s Office in Maine listed the number of affected persons as 36,545, revealing a drastic increase in the scope of the attack.
One of the major life insurance providers in the US and beyond, Prudential boasts approximately 50 million customers around the world.
According to Prudential, the attackers were able to access these individuals’ names and other personal identifiers, as well as their driver’s license numbers and other non-driver ID card numbers.
It is not clear what led to this revision, ITPro has approached Prudential Financial for clarification on this development and will update this article with their response if it is forthcoming.
In a statement given to The Record , a spokesperson for Prudential said the information leaked during the incident was different for each individual.
Prudential said it would be providing affected parties with 24 months of complimentary credit monitoring as an additional layer of protection.
The initial breach took place on 2 February 2024 and was discovered two days later, according to the filing, with a description of the incident listed as a social engineering attack .
“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024, and removed a small percentage of personal information from our system”
Prudential has not shared any further information on the threat actors behind the attack, but did not directly refute claims from ALPHV/Blackcat that it was responsible for the attack.
ALPHV added Prudential to its dedicated leak site on 16 February 2024, although they did not provide any sample data of proof of their access.
Nick Tausek, lead security automation architect at Swimlane suggested that disjointed tooling across an increasingly complicated technology stack is leaving security gaps in many organization’s network perimeter , and threat actors are targeting these weak spots.
"While their security teams need various tools to protect complex technology environments, disjointed tools that lack cross-communication and cloud integration are straining team bandwidth and creating security gaps ,” he said.
“Cyber criminals are taking advantage of these gaps, leading to frequent and costly breaches. According to a recent report from Swimlane and Omdia , 42% of financial organizations have had at least one breach with a total cost of $1M in the last 12 months, with 20% experiencing a breach with a total cost of more than $5M.”
Get updates delivered to you daily. Free and customizable.
Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.
Comments / 0