Prudential Insurance says data of 36,000 exposed during February cyberattack

Prudential Insurance — one of the largest insurers in the United States — said hackers stole the sensitive information of more than 36,000 during a February incident.

In a filing on Friday with regulators in Maine, the company said it detected unauthorized access on February 5, prompting an investigation. 

“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems,” the breach notification letters said. 

The company said the names, addresses, driver's license numbers or ID cards of 36,545 were accessed. Law enforcement has been informed of the incident and Prudential hired an outside cybersecurity firm to help with the response. 

Prudential Insurance did not respond to requests for comment about what systems were accessed or whether it was a ransomware attack. Victims will be given two years of identity protection services.

The company filed documents with the SEC on February 13 warning that a “cybercrime group” was able to access “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

On February 16, the AlphV ransomware gang claimed it attacked the company, posting it alongside massive mortgage lender loanDepot.

The Prudential Insurance posting was one of the group’s last following a law enforcement takedown that took place in December. Agencies in the U.S., U.K. and European Union coordinated a takeover of the gang’s infrastructure, but the group was able to quickly create a new platform.

They continued posting victims until their last, and arguably most impactful attack, involving Change Healthcare. The group’s leaders allegedly stole the ransom their affiliate received from the healthcare company and have since shut down the operation entirely.  

Last week, the U.S. State Department announced a reward of up to $10 million for information leading to the identification or location of anyone who was part of AlphV. 

Prudential Insurance reported an even larger data breach last year connected to another ransomware gang’s exploitation of a popular file sharing tool. More than 320,000 people had their Social Security numbers and more leaked.