Prudential revises breach notice to say 2.5 million affected by February incident

Avatar

More than 2.5 million people potentially had information leaked during a February breach of insurance giant Prudential, according to updated documents filed with regulators. 

In March, Prudential said the names, addresses, driver’s license numbers or ID cards of 36,545 were exfiltrated when hackers gained access to the company’s network on February 4, 2024.

The company revised that figure last Friday in new data breach filings in Maine, telling regulators that 2,556,210 had data stolen. A spokesperson for Prudential stressed to Recorded Future News that not every victim had the same information leaked during the attack. 

“As a part of our response to the cybersecurity incident disclosed in February, Prudential worked diligently to complete a complex analysis of the affected data and notify individuals, as appropriate, on a rolling basis starting on March 29, 2024,” the spokesperson said. 

“Prudential’s notifications are substantially complete at this time. We are providing all affected individuals with 24 months of complimentary credit monitoring as an additional protection.”

The incident relates back to a cyberattack claimed by a now-defunct ransomware gang

Prudential reported the incident to the SEC on February 13 and said the group gained access to “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

Prudential Insurance reported an even larger data breach last year connected to another ransomware gang’s exploitation of a popular file sharing tool. More than 320,000 people had their Social Security numbers and other information leaked.

News BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Poland to probe Russia-linked cyberattack on state news agency

Next Post

Japanese anime and gaming giant admits data leak following ransomware attack

Related Posts

Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges

A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9,
Avatar
Read More