Finance & Banking , Fraud Management & Cybercrime , Incident & Breach Response
Millions Affected by Prudential Ransomware Hack in February
Insurance Giant Says Hackers Stole Data of 2.5 Million IndividualsA February ransomware attack against Prudential Financial affected 2.5 million customers, the financial giant disclosed after initially characterizing the incident as minor.
See Also: Gartner Guide for Digital Forensics and Incident Response
The New Jersey insurance provider - it manages $1.496 trillion in assets - in February told federal regulators that hackers stole "limited data" including client data and personal identifiable information. In March it began notifying 36,545 individuals that hackers stole driver's license numbers.
In an updated notification total, the insurer now said the names of 2,556,210 individuals were stolen, in combination with additional, unspecified data.
In an emailed statement, Prudential said the tally shouldn't increase a second time. "Prudential worked diligently to complete a complex analysis of the affected data and notify individuals, as appropriate, on a rolling basis starting on March 29, 2024. Prudential's notifications are substantially complete at this time," a spokesperson said.
Russian-speaking ransomware-as-a-service group Alphv claimed responsibility for the attack. The group, also known as Black Cat, apparently shut down in March after receiving a $22 million extortion payment from Optum's Change Healthcare medical billing middleman unit (see: BlackCat Ransomware Group 'Seizure' Appears to Be Exit Scam).
Analysis by the FBI in 2023 shows the group began focusing on the healthcare sector in December 2023. Suspected of being a successor to DarkSide and BlackMatter, with ties to former REvil members, the group has used the Emotet botnet to distribute ransomware. The March notification from Prudential says the breach was caused by social engineering. A noted Alphv affiliate tracked as Scattered Spider, Octo Tempest and UNC3944 has, in particular, used effective social engineering techniques thanks to its members' ability to speak American English (see: Spanish Police Bust Alleged Leader of Scattered Spider).