Threat Actor: AlphV ransomware gang
Victim: Prudential Insurance
Information:
– The sensitive information of more than 36,000 individuals was stolen from Prudential Insurance during a cyberattack in February.
– The unauthorized third party gained access to Prudential Insurance’s network on February 4, 2024, and removed a small percentage of personal information.
– The accessed information includes names, addresses, driver’s license numbers, or ID cards of 36,545 individuals.
– Law enforcement has been informed of the incident and Prudential Insurance has hired an outside cybersecurity firm for assistance.
– It is unclear whether the cyberattack was a ransomware attack.
– Victims of the breach will be provided with two years of identity protection services.
– Prudential Insurance had previously reported a larger data breach last year involving another ransomware gang, which resulted in the leak of Social Security numbers and other personal information of over 320,000 people.
– The AlphV ransomware gang claimed responsibility for the attack on Prudential Insurance and posted about it on social media.
– The AlphV ransomware gang had faced a law enforcement takedown in December but quickly created a new platform to continue their activities.
– The U.S. State Department has announced a reward of up to $10 million for information leading to the identification or location of anyone associated with the AlphV ransomware gang.
Prudential Insurance — one of the largest insurers in the United States — said hackers stole the sensitive information of more than 36,000 during a February incident.
In a filing on Friday with regulators in Maine, the company said it detected unauthorized access on February 5, prompting an investigation.
“Through the investigation, we learned that the unauthorized third party gained access to our network on February 4, 2024 and removed a small percentage of personal information from our systems,” the breach notification letters said.
The company said the names, addresses, driver’s license numbers or ID cards of 36,545 were accessed. Law enforcement has been informed of the incident and Prudential hired an outside cybersecurity firm to help with the response.
Prudential Insurance did not respond to requests for comment about what systems were accessed or whether it was a ransomware attack. Victims will be given two years of identity protection services.
The company filed documents with the SEC on February 13 warning that a “cybercrime group” was able to access “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”
On February 16, the AlphV ransomware gang claimed it attacked the company, posting it alongside massive mortgage lender loanDepot.
The Prudential Insurance posting was one of the group’s last following a law enforcement takedown that took place in December. Agencies in the U.S., U.K. and European Union coordinated a takeover of the gang’s infrastructure, but the group was able to quickly create a new platform.
They continued posting victims until their last, and arguably most impactful attack, involving Change Healthcare. The group’s leaders allegedly stole the ransom their affiliate received from the healthcare company and have since shut down the operation entirely.
Last week, the U.S. State Department announced a reward of up to $10 million for information leading to the identification or location of anyone who was part of AlphV.
Prudential Insurance reported an even larger data breach last year connected to another ransomware gang’s exploitation of a popular file sharing tool. More than 320,000 people had their Social Security numbers and more leaked.
Recorded Future
Intelligence Cloud.
Learn more.
Source: Original Post