Prudential Faces Two Federal Suits Over Cyberattack

What You Need to Know

Prudential reported Feb. 21 that it found no evidence of a ransomware attack.
A ransomware group claimed to have Prudential data, according to SecurityWeek.
The lead plaintiffs in the suits say they received their breach notices May 28.

A lawyer in Puerto Rico has helped to file two separate suits against Prudential Financial in connection with a cyberattack that took place in early February.

Kevin Laukaitis is one of the lawyers who filed a suit on behalf of Constance Boyd against Prudential in the U.S. District Court for New Jersey June 7.

He helped file a second, similar suit against Prudential, on behalf of Gina Adinolfi, in the same court June 17.

The plaintiffs note in the complaints that they received their breach notices in the mail May 28.

One question in both cases is “whether defendant adequately, promptly and accurately informed representative plaintiff and class members that their [personally identifiable information] had been compromised,” according to the complaints.

The breach: Prudential told the U.S. Securities and Exchange Commission Feb. 13 that it had experienced a breach Feb. 4, had discovered the breach Feb. 5 and believed it had immediately chased the attackers out.

The company filed a second notice with the SEC Feb. 21.

Originally, Prudential reported that a “threat actor had gained unauthorized access” to some of its systems.

In the second notice, the company said, outside cybersecurity experts helped the company determine that the threat actor was a cybercrime group that had “accessed and exfiltrated from a platform limited data that includes some client information and personally identifiable information.”