Prudential Financial Pwned In Cyberattack…. But It Could Have Been Worse

Prudential Financial has disclosed that its network was breached last week, with the attackers accessing/stealing employee and contractor data before being blocked from compromised systems one day later.

The company is the second-largest life insurance company in the U.S. and employs 40,000 people worldwide managing roughly $1.4 trillion in assets. Prudential had reported revenues of more than $50 billion in 2023.

In an 8-K form filed with the SEC this week, Prudential said a “threat actor… had accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

The breach is said to have occurred on February 4th and was detected one day later, on Feb 5th, whereupon the company immediately shut systems down and began remediation. The company reported the breach to law enforcement agencies and notified all relevant regulatory authorities of the event.

“… we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,” Prudential said.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the company said.

Craig Harber, Security Evangelist, Open Systems, had this to say:

   “Prudential Financial disclosed its network was breached last week by cyber criminals. It did not provide any specific details of how the threat actor breached the system, nor did it give details on the extent of the compromised data beyond the fact it was contractor and employee user data, not non-employee customer data.

   “The threat actors accessed the company network from what they described as “information technology systems.” The company did not disclose whether this system was a Prudential-managed system or whether this system was third-party-managed. Prudential notified law enforcement agencies and regulatory authorities of the breach in accordance with the new Cyber Incident Reporting for Critical Infrastructure Act and other regulatory requirements, such as the SEC’s new rules on cybersecurity disclosure.

   “Based on all available reporting, incident response teams blocked the threat actor within the first 24 hours of breach detection. This type of response requires investment in preventing cyber-attacks and preparedness in case of an inevitable cyber event. 

   “Prevention includes everything from investing in backup and recovery systems to patching operating systems and applications to deploying robust, proactive cyber defense technologies to actively threat hunt within the network to fortify business operations from cyber threats and attacks. 

   “Preparation involves developing policies and a playbook for handling incidents and exercising these plans under simulated attack scenarios to ensure teams can assess, contain, and mitigate an active threat while maintaining business operations.

   “The key takeaway from this data breach is cybercrime is a complex and evolving challenge that impacts individuals, organizations, and societies globally. Vigilance, cybersecurity measures, including incident response preparedness, and international cooperation are crucial in combating this digital menace.”

Dave Ratner, CEO, HYAS, follows with this comment:

   “While it’s a good thing that the breach and attack is not expected to affect company operations or financials, it still highlights the rampant onslaught of breaches that expose data, putting employees, contractors, and others at risk.  Without appropriate proactive intelligence and cyber resiliency strategies, these events will unfortunately continue.”

The good news is that the threat actors were detected quickly and it looks like Prudential regained control in short order. Swift detection is one of the tools in the toolbox that has to be present to make sure that threat actors cannot set up shop and start to move within a victim’s environment.
