Prudential Insurance, a prominent insurer in the United States, has revealed that hackers compromised the sensitive data of over 36,000 individuals during a cyberattack in February.
According to a filing made on Friday with regulators in Maine, the company detected unauthorized access on February 5, prompting an immediate investigation.
In the breach notification letters, Prudential disclosed that an unauthorized third party gained access to their network on February 4, 2024, and extracted a small percentage of personal information from their systems. The compromised data includes names, addresses, driver’s license numbers, or ID cards of 36,545 individuals. The company has informed law enforcement of the incident and has enlisted the assistance of an external cybersecurity firm to manage the response.
Despite multiple inquiries, Prudential Insurance declined to comment on the specific systems breached or confirm if the incident involved a ransomware attack. Affected customers will receive two years of identity protection services.
Earlier in February, the company filed documents with the SEC warning of a cybercrime group’s successful breach, accessing administrative and user data from certain information technology systems, as well as a small percentage of company user accounts linked to employees and contractors.
On February 16, the AlphV ransomware gang claimed responsibility for the attack on Prudential Insurance, along with another major financial entity, loanDepot.
The disclosure by Prudential Insurance marks one of the final acts of the AlphV group, following a law enforcement takedown in December. Although authorities coordinated efforts to dismantle the gang’s infrastructure in the U.S., U.K., and European Union, the group quickly reemerged with a new platform.
Their activities persisted until their last significant attack, involving Change Healthcare. Allegedly, the group’s leaders absconded with the ransom paid by the healthcare company, leading to the complete cessation of their operations.
Recently, the U.S. State Department announced a reward of up to $10 million for any information leading to the identification or location of individuals associated with AlphV.
This disclosure of a cyberattack adds to Prudential Insurance’s previous data security concerns. Last year, the company reported a larger breach linked to another ransomware gang exploiting a popular file-sharing tool, exposing the Social Security numbers and other sensitive data of more than 320,000 individuals.
