Prudential revises 2.5M customers exposed in Feb breach

American insurance provider, Prudential Financial, has revised the number of customers whose information may have been exposed during a February breach by millions.

The breach, which Prudential had first disclosed in a filing with the US Securities and Exchange Commission (SEC) on February 12th, was claimed by the notorious ALPHV /Blackcat ransomware group.

The Russian-linked ransomware gang was reported to have breached certain Prudential systems, gaining unauthorized access to “administrative and user data…and a small percentage of Company user accounts associated with employees and contractors,” the financial giant revealed in the filing.

Prudential  SEC filing Feb 12th
US Securities and Exchange Commission

The original number of customers affected was reported by the Maine Attorney’s General office as 36,545 individuals.

Personal data leak checker

Check whether your online credentials have been compromised with an up-to-date personal data leak checker tool.

Check if your data has been compromised

As of Wednesday, that number has increased to a whopping 2,556,210, according to the updated breach notice on the Main AG’s website.

A Prudential spokesperson told Cybernews on Wednesday that notifications to affected customers, were “substantially complete at this time.”

“As a part of our response to the cybersecurity incident disclosed in February, Prudential worked diligently to complete a complex analysis of the affected data and notify individuals, as appropriate, on a rolling basis starting on March 29th, 2024,” the company noted.

Furthermore, the company said it was providing all affected individuals with 24 months of complimentary credit monitoring as an additional protection.

“We take this incident and our responsibility to protect personal information extremely seriously. We have taken, and will continue to take, proactive measures to enhance our security protocols, and protect our systems and data.” the Prudential spokesperson said.

Prudential  Maine AG2

Nick Tausek, Lead Security Automation Architect at cybersecurity firm Swimlane says it’s crucial for organizations in the financial industry to safeguard customer data and prioritize a comprehensive approach.

In fact, 42% of financial organizations have had at least one breach with a total cost of $1M in the last 12 months, with 20% experiencing a breach with a total cost of more than $5M, according to a recent study by Swimlane and Omdia.

Tausek pointed out that often disjointed cybersecurity tools lacking cross-communication and cloud integration are straining team bandwidth and creating security gaps” Tausek said.

Although not specifically attributing this as the cause of Prudential’s February 4th breach, Tausek noted that cybercriminals take advantage of these types of gaps, contributing to frequent and costly breaches.

Tausek believes companies should incorporate “a layered security strategy that focuses on proactive measures rather than just reactive tools.”

“By prioritizing the detection, response, and investigation of threats, organizations can gain comprehensive visibility of the entire IT environment, and increase efficiency while responding to threats, he added.