Prudential revises breach notice to say 2.5 million affected by February incident

More than 2.5 million people potentially had information leaked during a February breach of insurance giant Prudential, according to updated documents filed with regulators. 

In March, Prudential said the names, addresses, driver's license numbers or ID cards of 36,545 were exfiltrated when hackers gained access to the company’s network on February 4, 2024.

The company revised that figure last Friday in new data breach filings in Maine, telling regulators that 2,556,210 had data stolen. A spokesperson for Prudential stressed to Recorded Future News that not every victim had the same information leaked during the attack. 

“As a part of our response to the cybersecurity incident disclosed in February, Prudential worked diligently to complete a complex analysis of the affected data and notify individuals, as appropriate, on a rolling basis starting on March 29, 2024,” the spokesperson said. 

“Prudential’s notifications are substantially complete at this time. We are providing all affected individuals with 24 months of complimentary credit monitoring as an additional protection.”

The incident relates back to a cyberattack claimed by a now-defunct ransomware gang. 

Prudential reported the incident to the SEC on February 13 and said the group gained access to “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

Prudential Insurance reported an even larger data breach last year connected to another ransomware gang’s exploitation of a popular file sharing tool. More than 320,000 people had their Social Security numbers and other information leaked.