Prudential Financial, a prominent global financial services Fortune 500 company overseeing approximately $1.4 trillion in assets, disclosed a network breach last week, during which attackers accessed employee and contractor data before being blocked from compromised systems one day later.
The second-largest life insurance company in the United States, Prudential serves over 50 million customers worldwide, providing insurance, retirement planning, and wealth and investment management services. With a workforce of 40,000 and reported revenues exceeding $50 billion in 2023, the company filed an 8-K form with the U.S. Securities and Exchange Commission today, revealing details of the breach.
According to the filing, the breach was detected on February 5, with attackers gaining access to certain information technology systems and a small percentage of user accounts associated with employees and contractors on February 4. Prudential suspects the involvement of a cybercrime group as the threat actor.
Prudential promptly reported the security breach to law enforcement agencies and notified relevant regulatory authorities. An ongoing investigation is underway to determine the full scope and impact of the incident, including any potential access to additional information or systems within the insurer’s network.
As of the filing date, there is no evidence indicating that the attackers obtained customer or client data. The company reassured that the incident has not materially affected its operations or financial condition.
Notably, over 320,000 Prudential customers had their personal information exposed in May 2023 after a breach at third-party vendor Pension Benefit Information (PBI). PBI disclosed that customer data, including names, addresses, dates of birth, phone numbers, and Social Security numbers, was compromised during the incident.
Prudential Financial has yet to provide a comment on the recent breach when contacted by BleepingComputer. The incident underscores the ongoing cybersecurity challenges faced by financial institutions and highlights the importance of robust security measures to safeguard sensitive data.
