Prudential Insurance Hit By MOVEit Breach Involving Over 320k Customers
Table of Contents
- By Steven
- Aug 11, 2023
Prudential Insurance Company of America is one of the largest financial services and insurance companies in the United States today. The organization is based in Newark, New Jersey, and manages over $1.377 trillion in assets for consumers in the US. The company employs over 39,000 workers and handles data for countless customers each year. Each of those customers was potentially damaged when Prudential suffered a serious data breach that released confidential information to attackers.
How Did the Attack Occur?
This Prudential Financial data breach occurred when PBI (Pension Benefit Information LLC), a service provider to the insurance company, suffered a breach due to its use of the MOVEit file transfer tool. When that breach occurred, a vast amount of consumer data was taken that made Prudential look bad and subjected its customers to serious data losses at the same time. The MOVEit breach likely occurred at the end of May, and reports indicate the data was specifically taken on May 31, 2023.
What Information Was Viewed or Stolen?
When PBI was breached because of its use of the MOVEit file transfer solution, Prudential customer information such as Social Security numbers, birth dates, phone numbers, home addresses, and more were taken. The personal data lost for each individual varies, but everyone involved should assume they are at risk for an identity theft attack and that their information is in the hands of dangerous hackers.
How Did Prudential and PBI Admit to the Breach?
Shortly after realizing it suffered from a data breach, PBI sent a notice to Prudential informing the company many of its customers were put at risk because of the data attack. PBI also began sending individual notices to everyone involved on behalf of all the companies it represents. Prudential filed a notice with the Attorney General of Main on July 31, 2023. Between those two sets of notices, most people involved in this breach should be alerted that their data was misused.
What Will Become of the Stolen Information?
The ransomware gang behind all the MOVEit data attacks gathered the information to leverage it to get companies to pay a ransom. When the companies refuse to pay the ransom, the data is shared online. It's also possible the hackers will use the information to launch phishing and identity theft attacks. The attackers could also resell the data to other hackers that misuse it in other ways. There is real potential for harm from this breach; if you're involved, you should guard your information.
What Should Affected Parties Do in the Aftermath of the Breach?
For those who receive a PBI notice explaining that your data was part of this breach, you must take action to protect yourself. There are many ways for hackers to exploit your personal data, and it's best to begin by looking at your credit report for potential issues. After you review your credit report, you should either freeze your credit or invest in credit monitoring to guard your personal information.