Cybercrime Data Breach Impacted 36,000, Prudential Says In Filing

NEWARK, NJ — A data breach at New Jersey-based Prudential Financial may have impacted more than 36,000 people, according to recent filings.

Prudential, which has a headquarters in Newark, initially released information about the breach last month in a report to the U.S. Securities and Exchange Commission (SEC).

According to the report, a “threat actor” gained unauthorized access to some of the company’s systems on Feb. 4.

“We believe the threat actor is a cybercrime group, and our investigation has identified that the group accessed and exfiltrated from a platform limited data that includes some client information and personally identifiable information,” the report stated.

“The threat actor also accessed and exfiltrated company administrative and user data from certain information technology systems and accessed a small percentage of company user accounts associated with employees and contractors," the report continued.

Prudential detected the breach the next day. Here’s what happened next, the report says:

“With assistance from external cybersecurity experts, we immediately activated our cybersecurity incident response process to investigate, contain and remediate the incident … We reported this matter to relevant law enforcement and have been informing regulatory authorities. On the basis of the investigation to date, we have not found any evidence of malware, ransomware, data destruction or alteration, or that the threat actor currently has access to our systems. We continue to investigate the extent and impact of the incident, including whether the threat actor accessed any additional information or system."

Prudential added that the incident hasn’t had a material impact on its operations.

The data breach impacted 36,545 people in total, according to a recent notification filed with the Office of the Maine Attorney General.

The company has begun notifying people impacted by the breach.

“Importantly, we are not aware of fraud or misuse of your personal information resulting from this incident,” an outreach letter from the company says.

The letter continues:

“Prudential takes this incident and our responsibility to protect your personal information extremely seriously. As part of our response, we have worked with leading cybersecurity experts to confirm the unauthorized third party no longer has access to our company systems. We also have taken proactive measures to protect our systems and data, including enhancing access controls and security protocols, and implementing additional monitoring technologies and procedures, among other actions. We are also taking steps to strengthen our authentication protocols and help protect access to your account. While we are not aware of identity theft or fraud related to information affected by this incident, as an additional precaution, we are providing you with 24 months of complimentary credit monitoring services.”

State officials say there has been an “alarming increase” in the number of cyberattacks targeting the financial sector.

According to the New Jersey Cybersecurity & Communications Integration Cell, the sector was one of the top five most impacted by ransomware in 2023, with incidents including unavailable systems, disrupted operations, reputational damage and financial loss.

Send local news tips and correction requests to eric.kiefer@patch.com. Learn more about advertising on Patch here. Find out how to post announcements or events to your local Patch site.