2024-02-13 PRUDENTIAL FINANCIAL INC Cybersecurity Incident

Page last updated on April 18, 2024

PRUDENTIAL FINANCIAL INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-02-13 16:21:11 EST.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: 36,545
Data Types Impacted: Driver License Number, Home address, Name

Compromised Date: 2024-02-04
Detected Date: 2024-02-05
Disclosure Date: 2024-02-13
Contained Date: 2024-03-29
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2024-02-13

PRUDENTIAL FINANCIAL INC filed an 8-K at 2024-02-13 16:21:11 EST
Accession Number: 0001193125-24-033753

Item 1.05 Material Cybersecurity Incidents.

On February 5, 2024, Prudential Financial, Inc. (the “Company” or “we”) detected that, beginning February 4, 2024, a threat actor had gained unauthorized access to certain of our systems. With assistance from external cybersecurity experts, we immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident. As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.

We continue to investigate the extent of the incident, including whether the threat actor accessed any additional information or systems, to determine the impact of the incident. On the basis of the investigation to date, we do not have any evidence that the threat actor has taken customer or client data. We have reported this matter to relevant law enforcement and are informing regulatory authorities. As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

8-K/A filed on 2024-02-21

PRUDENTIAL FINANCIAL INC filed an 8-K/A at 2024-02-21 08:05:58 EST
Accession Number: 0001193125-24-040749

Item 1.05 Material Cybersecurity Incidents.

As disclosed in the Original Report, on February 5, 2024, we detected that, beginning February 4, 2024, a threat actor had gained unauthorized access to certain of our systems. With assistance from external cybersecurity experts, we immediately activated our cybersecurity incident response process to investigate, contain, and remediate the incident. As of the date of this Report, we believe the threat actor is a cybercrime group, and our investigation has identified that the group accessed and exfiltrated from a platform limited data that includes some client information and personally identifiable information. The threat actor also accessed and exfiltrated Company administrative and user data from certain information technology systems and accessed a small percentage of Company user accounts associated with employees and contractors. We reported this matter to relevant law enforcement and have been informing regulatory authorities.

On the basis of the investigation to date, we have not found any evidence of malware, ransomware, data destruction or alteration, or that the threat actor currently has access to our systems. We continue to investigate the extent and impact of the incident, including whether the threat actor accessed any additional information or systems.

As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

Explanatory Note.

This Amendment No. 1 amends the Current Report on Form 8-K filed by Prudential Financial, Inc. (the “Company” or “we”) with the Securities and Exchange Commission on February 13, 2024 (the “Original Report”).

Company Information