Prudential Data Breach Victim Count Soars to 2.5M

After initially disclosing a data breach in February to the Securities and Exchange Commission (SEC) that it said was not materially impacting, Prudential Financial has updated its notice with a revised total number of affected residents — a number staggeringly higher than anticipated.

More than 2.5 million individuals have been compromised by this data breach attack, rather than the 36,000 the insurance company originally said were affected. The stolen information includes names, addresses, driver’s license numbers, and identification card numbers.

The notice was filed with the Maine Attorney General's Office just last week by the larger Prudential Insurance Company of America.

Legal proceedings popped up after the discovery of the breach earlier this year, with plaintiff Constance Boyd leading a class action lawsuit against the company in a New Jersey court, arguing that it failed to safeguard its client's data, ultimately leading to the breach. It's unclear how this lawsuit will be affected with the uptick in impacted individuals.

Prudential withheld any information on the threat actors, but the ALPHV/BlackCat ransomware group claimed responsibility for the hack after adding the company to its leak site.

As for recovery operations, the data breach notification says that the company will be providing 24 months of identity theft and credit monitoring services through Kroll, an independent financial and risk solutions company.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two ransomware negotiators about how they interact with cybercriminals; including how they brokered a deal to restore operations in a hospital NICU where lives were at stake; and how they helped a church, where the attackers themselves "got a little religion." Listen now!