Prudential Financial finds cybercrims lurking inside its IT systems – Source: go.theregister.com

Prudential Financial, the second largest life insurance company in the US and eight largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group.

The Fortune Global 500 and Fortune 500 org provides a range of services including insurance, retirement planning, fund management services and more to retail and institutional investors. It has $1.4 trillion worth of assets under management across the US, Asia, Europe, and Latin America.

Confirmation of the “material cybersecurity incident” was made in an 8K filing [PDF] the corporation deposited with the SEC. “On February 5, 2024, Prudential Financial detected that, beginning February 4, 2024, a threat actor had gained unauthorized access to certain of our systems.

“With assistance from external cybersecurity experts, we immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident,” it adds.

As of yesterday, Prudential Financial believes that the criminal or “cybercrime group” had “accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

The business turned over $20.445 billion [PDF] in the nine months ended September 30, 2023, and claims to have in excess of 50 million customers, so is a seemingly rich target for criminals with computer skills.

Criminals targeting insurers are hoping to get access to social security numbers, financial information and customers’ personal details including addresses, dates of birth, and perhaps medical data.

• Southern Water cyberattack expected to hit hundreds of thousands of customers
• Infosys subsidiary named as source of Bank of America data leak
• Dutch insurers demand nudes from breast cancer patients despite ban
• Europe’s largest caravan club admits wide array of personal data potentially accessed

The probe into the “extent of the incident” continues, says Prudential in the 8K filing, including “whether the threat actor accessed any additional information or systems.”

“On the basis of the investigation to date, we do not have any evidence that the threat actor has taken customer or client data. We have reported this matter to relevant law enforcement and are informing regulatory authorities.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.” ®