Giant US insurer admits second data hack

Tens of thousands affected

Giant US insurer admits second data hack

Cyber

By Ryan Smith

Prudential Insurance has announced that hackers stole the information of more than 36,000 people in a February breach.

In a regulatory filing in Maine, Prudential’s law firm, Debevoise & Plimpton, said the insurer detected unauthorized access to its network on Feb. 5, according to a report by The Record.

“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024, and removed a small percentage of personal information from our system,” the filing said.

According to Prudential, the names, addresses, and driver’s license or ID card numbers of 36,545 people were accessed. The company has notified law enforcement of the breach and hired an outside cybersecurity firm to assist in its response.

Victims of the breach will be given two years of identity protection services, The Record reported.

On Feb. 13, Prudential filed documents with the Securities and Exchange Commission stating that a cybercrime group had been able to access “administrative and user data from certain information technology systems” and “a small percentage” of user accounts associated with employees and contractors.

On Feb. 16, ransomware gang AlphV claimed responsibility for the attack. The gang is also responsible for a February attack against mortgage lender loanDepot, The Record reported.

Law enforcement agencies in the US, the UK and the European Union coordinated a takedown of AlphV’s website in December, but the ransomware group was quickly able to establish a new platform, according to The Record. The group was also allegedly tangentially involved in the recent Change Healthcare attack. That attack was carried out by a different ransomware group, and resulted in the payment of a $22 million ransom – which AlphV allegedly then stole from the other cybercrime group, The Record reported.

Last week, the State Department announced a reward of up to $10 million for information about the identity or location of AlphV members.

Prudential fell victim to an even larger breach in May of last year, when one of its vendors was impacted by the MOVEit cyber attack, exposing the personal information of more than 320,000 customers.

Have something to say about this story? Let us know in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!