News Heading - 1

Prudential Financial Discloses a New Data Theft Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Prudential Financial reported being victim to a cybersecurity incident that exposed its employee and contractor data.

The network breach incident is said to have occurred earlier this month, the Fortune 500 company said in a Form 8-K filing with the US Securities and Exchange Commission.

The insurance giant disclosed that the breach was detected on February 5, one day after an unknown threat actor gained access to some of its systems. Upon detection, Prudential. with assistance from external cybersecurity experts, immediately deployed cybersecurity measures to ‘’investigate, contain, and remediate’’ the breach.

‘’As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,’’ Prudential revealed.

However, it did not disclose the total number of employees or contractors impacted by the incident. The leading global financial services provider currently employs approximately 40,000 people, worldwide.

The data breach incident has been reported to the relevant law enforcement and regulatory agencies, Prudential revealed in the filing. Moreover, it’s continuing with the investigation to analyze the full impact of the incident, including any potential compromise of additional data or systems.

Prudential also said that based on its ongoing investigation, it found no evidence of any customer or client data breach.

‘’As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,’’ the filing revealed .

Known for its insurance, retirement planning, and other financial products and services, Prudential Financial is one of the leading financial services provider to customers in the US, Europe, Asia, and Latin America.

News Heading - 2

Vendor Breach Compromises Bank of America Customers’ Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Bank of America issued a warning to customers about their sensitive information being compromised in a data breach incident, said to have occurred at one of its vendors.

Last year, its service provider, Infosys McCamish Systems (IMS) suffered a security incident, which exposed personally identifiable information (PII) of customers. The stolen data included names, addresses, dates of birth, social security numbers, and financial details like credit card and account numbers.

Although the customer notifications did not disclose the number of impacted individuals. The incident report filed with the Office of Attorney General of Maine on behalf of Bank of America revealed that 57,028 people were affected.

The incident is said to have occurred as early as November 3, 2023, when ‘’IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications,’’ the notification revealed.

On November 24, 2023, IMS notified the bank about the data breach. It said that ‘’data concerning deferred compensation plans serviced by Bank of America may have been compromised. Although the bank stated that its internal systems were not impacted by the incident, it would be unable to clearly determine the type of information exposed.

Therefore, as a precautionary measure, it’s offering its customers a complimentary identity theft protection service for two years.

Following the attack, in November 2023, LockBit ransomware gang claimed responsibility for this breach. Active since 2019, the ransomware-as-a-service (RaaS) gang has targeted many high-profile organizations across the world, including corporates and government agencies.

This incident adds further woes to Bank of America’s customers. In the MOVEit Transfer platform attack of May 2023, Ernst & Young , world’s leading accounting firm handling the bank’s financial information was also breached. However, the firm did issue a notice that Bank of America’s systems were not impacted by the incident.