Prudential revises breach notice to say 2.5 million affected by February incident


More than 2.5 million people potentially had information leaked during a February breach of insurance giant Prudential, according to updated documents filed with regulators. 

In March, Prudential said the names, addresses, driver’s license numbers or ID cards of 36,545 were exfiltrated when hackers gained access to the company’s network on February 4, 2024.

The company revised that figure last Friday in new data breach filings in Maine, telling regulators that 2,556,210 had data stolen. A spokesperson for Prudential stressed to Recorded Future News that not every victim had the same information leaked during the attack. 

“As a part of our response to the cybersecurity incident disclosed in February, Prudential worked diligently to complete a complex analysis of the affected data and notify individuals, as appropriate, on a rolling basis starting on March 29, 2024,” the spokesperson said. 

“Prudential’s notifications are substantially complete at this time. We are providing all affected individuals with 24 months of complimentary credit monitoring as an additional protection.”

The incident relates back to a cyberattack claimed by a now-defunct ransomware gang

Prudential reported the incident to the SEC on February 13 and said the group gained access to “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

Prudential Insurance reported an even larger data breach last year connected to another ransomware gang’s exploitation of a popular file sharing tool. More than 320,000 people had their Social Security numbers and other information leaked.

News BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Poland to probe Russia-linked cyberattack on state news agency

Next Post

Japanese anime and gaming giant admits data leak following ransomware attack

Related Posts

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and download system files," CrushFTP said in an advisory released Friday.
Read More