Insurance giant Prudential Financial has started notifying more than 36,000 individuals that their personal information was compromised in a data breach in early February 2024.
Initially disclosed in mid-February in a regulatory filing with the US Securities and Exchange Commission, the incident occurred on February 4 and was identified one day later.
At the time, Prudential said that the attackers accessed systems containing company administrative and user data, as well as employee and contractor accounts.
One week later, the Alphv/BlackCat ransomware group claimed responsibility for the attack, listing Prudential on its Tor-based leak site. The threat actor is also responsible for the major US health system outage last month, after disrupting Change Healthcare systems and services.
In a filing with the Maine Attorney General’s Office on Thursday, just before the Easter holiday, Prudential revealed that the hackers had stolen the information of more than 36,000 individuals, to whom it is sending written notifications about the incident.
The data breach notification was filed for Prudential Insurance Company of America, the Prudential Financial company that issues insurance products.
In its notification letter, Prudential says that it activated its incident response plan immediately after identifying the breach and that it engaged external cybersecurity experts to help with the investigation into the matter.
“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems,” Prudential says.
Pertaining to the impacted individuals’ Prudential products and services, the stolen personal information includes names, addresses, driver’s license numbers, and non-driver identification card numbers.
The company says it has confirmed that the attackers no longer have access to its systems, and claims to have implemented additional security measures, including improved access controls, additional monitoring capabilities, and stronger authentication protocols.
Although it says that it is not aware of identity theft or fraud related to the stolen information, Prudential is providing the affected individuals with two years of complimentary credit monitoring services.
Related: US Offering $10 Million Reward for Information on Change Healthcare Hackers
Related: Fidelity Investments Life Insurance Company Discloses Data Breach
Related: 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates
