Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor
Sign on Prudential Financial headquarters in Newark, NJ

Regulation and Compliance > Cybersecurity

Prudential Hit by Ransomware Group

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

The ALPHV/BlackCat ransomware group says it has stolen information from Prudential Financial and is holding it for ransom, but Prudential has concluded that the breach seems to be small.

The Newark, New Jersey-based life and annuity issuer first revealed the hack in a notice filed with the U.S. Securities and Exchange Commission on Feb. 13. It gave the SEC an update Wednesday.

“On the basis of the investigation to date, we have not found any evidence of malware, ransomware, data destruction or alteration, or that the threat actor currently has access to our systems,” Prudential says in the notice. “We continue to investigate the extent and impact of the incident, including whether the threat actor accessed any additional information or systems.”

A reporter at SecurityWeek, a cybersecurity publication, says that BlackCat indicated on its leak website that it had Prudential data and that Prudential had refused to pay a ransom.

Prudential declined to provide more information than what it put in the SEC notice.

What it means: It might be a good time to update your software and change your passwords.

Ransomware group: The ALPHV/BlackCat attracted U.S. investigators’ attention in 2022, according to the U.S. Justice Department.

The federal Cybersecurity and Infrastructure Security Agency reports that BlackCat ransomware-spreading affiliates have hacked about 1,000 entities, including about 750 in the United States, and received about $300 million in ransomware payments.

The field hackers get into an organization’s computer by calling an employee and pretending to work for the information technology or help desk team. The hacker then tricks the employee into providing the credentials the hacker needs to get into the organization’s network.

In some cases, the hacker gets an organization’s data and extorts an employee without installing ransomware.

The attack: Prudential reported in the first SEC notice that it had detected a system intrusion Feb. 5 and believed that the intrusion had occurred Feb. 4. The company noted that it had informed law enforcement and regulatory authorities.

In the new notice, the company says it believes that the intruder was a cybercrime group.

“Our investigation has identified that the group accessed and exfiltrated from a platform limited data that includes some client information and personally identifiable information,” the company says. “The threat actor also accessed and exfiltrated company administrative and user data from certain information technology systems and accessed a small percentage of company user accounts associated with employees and contractors.”

Credit: Bloomberg

Allison Bell

Think_Allison

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.