Prudential Financial Notifies 36,000 Individuals of Data Breach

Written by

Prudential Financial last Friday commenced the process of informing over 36,000 individuals about a data breach that occurred in early February 2024. 

The breach, initially disclosed through a regulatory filing with the SEC in February, occurred on February 4 and was reportedly identified the following day. 

At that time, Prudential disclosed that the attackers gained access to systems containing company administrative and user data, as well as employee and contractor accounts. 

A week later, the Alphv/BlackCat ransomware group took responsibility for the attack and listed Prudential on its Tor-based leak site. This group was also behind a significant outage in the US health system last month after targeting Change Healthcare systems and services.

Read more on those events: Prudential Financial Faces Cybersecurity Breach

According to a filing with the Maine Attorney General’s Office published on March 29, Prudential has now confirmed that the hackers compromised the personal information of 36,545 individuals.

“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024, and removed a small percentage of personal information from our systems,” reads the filing.

“Companies are always likely to remain wary of really rapid disclosure, given the financial impact these things can have on them, and use all the ‘tricks’ they can to delay,” commented Nick France, chief technology officer at Sectigo.

“Ultimately, I believe that the new SEC regulations should make these processes work faster; however, given the wording of the regulation and the fact that it only came into effect at the very end of 2023, it may take some time before we see disclosures happening at the 4-day pace.”

The individuals affected by the Prudential breach are being notified of the incident through written notifications. Among the compromised data are names or other personal identifiers in combination with driver’s license numbers or non-driver identification card numbers.

Image credit: rafapress /

What’s hot on Infosecurity Magazine?