Prudential Financial reveals millions of customers affected by data breach

Lock on Laptop Screen
(Image credit: (Image credit: Future)

The data smash-and-grab that happened at one of America's largest life insurance companies earlier this year is a lot bigger than initially thought. 

Prudential Financial, which suffered at the hands of ALPHV (AKA BlackCat) in early February 2024, initially told the SEC that the attack resulted in some customer data being accessed, as well as “a small percentage of company user accounts associated with employees and contractors.”

The company has now updated its 8-K form filed with the office of the Maine Attorney General, in which it now stated that exactly 2,556,210 people had their sensitive files taken by the cybercrime group. We don’t know exactly what kind of information the hackers took, but we can assume the usual - names, email addresses, postal addresses, and possibly insurance information.

ALPHV's disappearance

We have reached out to Prudential Financial with inquiries about the nature of the data stolen and will update the article if we hear back from the company.

In mid-February this year, a notorious ransomware threat actor known as ALPHV, or BlackCat, assumed responsibility for the attack. This group was one of the largest, and most disruptive, ransomware operators on the dark web, responsible for - among other things - a major attack at Change Healthcare. 

One of its affiliates managed to extort $22 million from Change Healthcare, which ALPHV took and disappeared without a trace. Change never got its data back, and a new ransomware group, emerged from the disappearance of ALPHV, was left holding the archives. 

Prudential Financial is a global leader in financial services, and a Fortune 500 company that manages approximately $1.4 trillion in assets. It offers a wide variety of services, from insurance, to retirement planning, to wealth management and investing. It boasts more than 50 million customers around the world.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.