More than 2.5 million individuals are affected by a February 2024 data breach, Prudential Financial says in an updated incident notification.
The insurance giant initially disclosed the data breach in February in a filing with the US Securities and Exchange Commission, and announced in late March that more than 36,000 individuals might have been affected.
In an incident notice update filed with the Maine Attorney General’s Office last week, Prudential said that the incident resulted in the data of 2,556,210 individuals being compromised.
The notice was filed for Prudential Insurance Company of America, the Prudential Financial company that provides insurance products.
The stolen information included names, addresses, driver’s license numbers, and non-driver identification card numbers, the company previously revealed.
The data breach occurred on February 4 and was discovered on February 5, triggering Prudential’s incident response plan and an investigation conducted in collaboration with external experts. The company is providing the impacted individuals with two years of free credit monitoring services.
In June, a class action lawsuit was filed against Prudential in a New Jersey federal court over the February data breach.
While Prudential did not share information on the attackers, the Alphv/BlackCat ransomware group claimed responsibility for the incident in mid-February, when it added the insurance giant to its Tor-based leak site.
The ransomware-as-a-service (RaaS), which survived a law enforcement takedown in December 2023, was also responsible for the disruptive attack on Change Healthcare that caused major outages across the US healthcare system.
Alphv/BlackCat ceased operations in early March, after allegedly pulling an exit scam to avoid sharing with an affiliate the $22 million ransom that Change Healthcare paid up.
Related: LivaNova USA Discloses Data Breach Impacting 130,000 Individuals
Related: Push Notification Fatigue Leads to LA County Health Department Data Breach
Related: Santander Employee Data Breach Linked to Snowflake Attack
Related: Designed Receivable Solutions Data Breach Impacts 585,000 People
