Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.
This leading global financial services Fortune 500 company manages roughly $1.4 trillion in assets, and it provides insurance, retirement planning, as well as wealth and investment management services to over 50 million customers across the United States, Asia, Europe, and Latin America.
As the second-largest life insurance company in the U.S., it also reported revenues of more than $50 billion in 2023, employing 40,000 people worldwide.
As revealed in an 8-K form filed with the U.S. Securities and Exchange Commission earlier today, the company detected the breach on February 5, and it said the attackers gained access to some of its systems one day earlier, on February 4.
“As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,” Prudential said.
Prudential has reported the security breach to law enforcement agencies and notified all relevant regulatory authorities of the data breach.
An ongoing investigation is assessing the full scope and impact of the incident, including potential access to other information or systems on the insurer’s network.
However, at the moment, the company has yet to find any indication that the malicious actors have obtained customer or client data.
“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the company said.
The personal information of over 320,000 Prudential customers whose data had been handled by third-party vendor Pension Benefit Information (PBI) was exposed in May 2023 after the Clop cybercrime gang breached PBI’s MOVEit Transfer file sharing platform.
“Our investigation determined that the following types of information related to you were present in the server at the time of the event: name, address, date of birth, phone number, and Social Security number,” PBI said at the time.
A Prudential Financial spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Source: www.bleepingcomputer.com