Prudential revises 2.5M customers exposed in Feb breach

Prudential revises 2.5M customers exposed in Feb breach



American insurance provider Prudential Financial has revised the number of customers whose information may have been exposed during a February breach by millions.

The breach, that Prudential had first disclosed in a filing with the US Securities and Exchange Commission (SEC) on February 12th, was claimed by the notorious ALPHV /Blackcat ransomware group.

The Russian-linked ransomware gang was reported to have breached certain Prudential systems, gaining unauthorized access to “administrative and user data…and a small percentage of Company user accounts associated with employees and contractors,” the financial giant revealed in the filing
“We take this incident and our responsibility to protect personal information extremely seriously. We have taken, and will continue to take, proactive measures to enhance our security protocols, and protect our systems and data.” the Prudential spokesperson said.
Nick Tausek, Lead Security Automation Architect at cybersecurity firm Swimlane says it’s crucial for organizations in the financial industry to safeguard customer data and prioritize a comprehensive approach.

In fact, 42% of financial organizations have had at least one breach with a total cost of $1M in the last 12 months, with 20% experiencing a breach with a total cost of more than $5M, according to a recent study by Swimlane and Omdia.
Tausek pointed out that often disjointed cybersecurity tools lacking cross-communication and cloud integration are straining team bandwidth and creating security gaps” Tausek said.

Although not specifically attributing this as the cause of Prudential’s February 4th breach, Tausek noted that cybercriminals take advantage of these types of gaps, contributing to frequent and costly breaches.

Tausek believes companies should incorporate “a layered security strategy that focuses on proactive measures rather than just reactive tools.”
“By prioritizing the detection, response, and investigation of threats, organizations can gain comprehensive visibility of the entire IT environment, and increase efficiency while responding to threats, he added.