Prudential Insurance now says BlackCat ransomware attack impacted over 2.5 million customers

The Prudential Insurance Company of America said the data security incident it suffered earlier this year compromised the sensitive personal information of more than 2.5 million individuals.

 

In a filing with the Office of the Maine Attorney General, Prudential Insurance said that on February 5, it detected unauthorised access in its internal network. Immediately, the insurance provider launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through the investigation, we learned that the unauthorised third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems,” reads the notice.

The compromised data included the names and other personal identifiers, along with driver’s licence numbers and non-driver identification card numbers.

 

While Prudential’s initial filing with the Maine state regulator revealed that 36,545 individuals were impacted, the company said in a recent filing that it has identified as many as 2,556,210 individuals whose data was compromised during the incident.

 

“We have taken proactive measures to protect our systems and data, including enhancing access controls and security protocols, and implementing additional monitoring technologies and procedures, among other actions. We are also taking steps to strengthen our authentication protocols and help protect access to your account,” the insurance provider added.

 

While Prudential found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered two years of complimentary identity protection and credit monitoring services through Kroll to all affected individuals.

 

In February, the ALPHV/BlackCat ransomware group claimed responsibility for the cyber attack on the company and listed it as a victim on its data leak site.