Financial services giant Prudential reveals scale of February cyberattack. Over 2.5 Million Customers feel the burnt.
Prudential Financial, a global financial services firm serving tens of millions of customers worldwide, has updated details on a data breach originally disclosed in February 2024.
In a recent filing with state regulators, Prudential now says the breach impacted over 2.5 million individuals – a massive increase from the initial estimate of 36,000 affected customers.
Prudential first detected an unauthorized intrusion into its systems on February 5th. An initial investigation found that hackers breached the company’s network on February 4th, exfiltrating “a small percentage of personal information.” This included names, driver’s license numbers, non-driver IDs, and employee/contractor account credentials.
Prudential engaged cybersecurity experts to investigate the full scope and source of the attack. In March, it notified 36,000 people whose data was confirmed stolen. However, in a new filing last week, Prudential has substantially raised its estimate of affected individuals to 2,556,210 customers nationwide.
The ALPHV Ransomware Group Behind the Prudential Financial Data Breach
The cybercrime group ALPHV/Blackcat has claimed responsibility for the Prudential Financial data breach. As the article notes, “ALPHV shut down its operations and pulled an exit scam after stealing the $22 million ransom from Notchy, the affiliate behind the Change Healthcare breach.” The FBI has linked ALPHV to over 60 data breaches worldwide in its first four months, netting an estimated $300 million from ransom payments by over 1,000 victims.
As a major financial services provider with 40,000 employees and $50 billion in annual revenue, this Prudential Financial data breach potentially exposed sensitive personal and financial details of millions of customers. It underscores the ongoing risks large corporations face from sophisticated cybercriminal entities like ALPHV. Individuals whose information was compromised are advised to closely monitor their accounts and credit reports for signs of fraudulent activity or identity theft.
A Growing Problem for Many Industries
Unfortunately, Prudential is just one of many large companies that have fallen victim to ransomware and data breaches in recent years. The financial services, healthcare and technology industries in particular have seen numerous high-profile incidents. In May 2023, Clop ransomware hackers also stole data on 320,000 Prudential customers from a third-party vendor. And major firms like Panera Bread, Infosys and Change Healthcare have all faced attacks that led to compromised customer records.
With cybercriminals continually refining their techniques, even sophisticated organizations struggle to prevent determined intrusions. The Prudential Financial data breach highlights the need for constant vigilance through strong security practices, rapid incident response, and transparency with those impacted. Only through collaboration between government, businesses and the cybersecurity community can the growing costs of these cyberattacks for both companies and consumers ultimately be reduced.