Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Prudential Financial headquarters in Newark, NJ

Regulation and Compliance > Litigation

Prudential Faces Two Federal Suits Over Cyberattack

Your article was successfully shared with the contacts you provided.

What You Need to Know

  • Prudential reported Feb. 21 that it found no evidence of a ransomware attack.
  • A ransomware group claimed to have Prudential data, according to SecurityWeek.
  • The lead plaintiffs in the suits say they received their breach notices May 28.

A lawyer in Puerto Rico has helped to file two separate suits against Prudential Financial in connection with a cyberattack that took place in early February.

Kevin Laukaitis is one of the lawyers who filed a suit on behalf of Constance Boyd against Prudential in the U.S. District Court for New Jersey June 7.

He helped file a second, similar suit against Prudential, on behalf of Gina Adinolfi, in the same court June 17.

The plaintiffs note in the complaints that they received their breach notices in the mail May 28.

One question in both cases is “whether defendant adequately, promptly and accurately informed representative plaintiff and class members that their [personally identifiable information] had been compromised,” according to the complaints.

The breach: Prudential told the U.S. Securities and Exchange Commission Feb. 13 that it had experienced a breach Feb. 4, had discovered the breach Feb. 5 and believed it had immediately chased the attackers out.

The company filed a second notice with the SEC Feb. 21.

Originally, Prudential reported that a “threat actor had gained unauthorized access” to some of its systems.

In the second notice, the company said, outside cybersecurity experts helped the company determine that the threat actor was a cybercrime group that had “accessed and exfiltrated from a platform limited data that includes some client information and personally identifiable information.”

“The threat actor also accessed and exfiltrated company administrative and user data from certain information technology systems,” the company said.

SecurityWeek reported at the time that the ALPHV/BlackCat ransomware group was saying on its leak website that it had obtained Prudential data and that Prudential was not willing to pay a ransom.

Prudential’s own investigation found no evidence of malware, ransomware, data destruction or alternation, according to the company’s Feb. 21 SEC filing.

Federal investigators believe ALPHV/BlackCat mounted the Feb. 21 attack on UnitedHealth’s Change Healthcare unit that affected the flow of patient records throughout much of the U.S. health care system for weeks.

Suit details: Andrew Sciolla of Philadelphia joined with Laukaitis to file the Boyd suit and Daniel Srourian of Los Angeles joined with him to file the Adinolfi suit.

Boyd is seeking to represent a class consisting of all U.S. individuals whose personally identifiable information or financial information was exposed to unauthorized third parties as a result of the data breach experienced by Prudential Feb. 4

Adinolfi is seeking to represent all U.S. individuals whose PII was exposed “as a result of the data breach discovered by the defendant on February 5, 2024.”

Neither complaint gives details about the breach beyond what has been reported in a notice that Prudential filed with the SEC and a breach notice that the company sent to the customers and other people who might be affected.

Credit: Bloomberg


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.