Prudential Financial revealed a cybersecurity breach. Detected on February 5, 2024, the flaw involved unauthorized access to certain company systems.
In a filing with the United States Securities and Exchange Commission (SEC) on February 12, 2024, Prudential said it immediately activated its cybersecurity incident response protocol and worked with external experts to investigate and mitigate the incident. . The company suspects the involvement of a cybercrime group.
“Organizations must quickly identify the potential impact of a breach to determine its potential significance in order to initiate the disclosure process,” commented Claude Mandy, Chief Data Security Evangelist at Symmetry systems.
“At the same time, cybercriminals may threaten to publicly disclose the incident in order to extort money from victims. Early disclosure like this relieves that pressure, but requires modern data security tools to determine the likely significance of the incident.
According to Prudential, the breach exposed administrative and user data from specific IT systems and some employee and contractor accounts, but there is no evidence of customer data compromise.
“We continue to investigate the extent of the incident, including whether the threat actor accessed additional information or systems, to determine the impact of the incident,” Prudential said.
“The incident did not have a material impact on the company’s operations, and the company has not determined that the incident is reasonably likely to have a material impact on its financial position or results of ‘exploitation.’
Commenting on the news, Darren Guccione, CEO and co-founder of Security guardsaid there will likely be an increase in mandatory reporting of cyber incidents to the Federal Commission after the SEC’s new reporting requirements are finalized.
Learn more about the new requirements: What you need to know about the new SEC requirements
“However, with this case and others, we also seem to be seeing an increased trend toward voluntarily reporting cyber incidents that do not meet the criteria for disclosure,” Guccione explained.
“By submitting a report to the SEC that an incident occurred but did not materially impact operations, Prudential can attempt to proactively mitigate damage to its reputation – assuming that fewer people will read an SEC filing than a public statement.”
Disclosure of Prudential Financial breach comes following Recent notification from Bank of America to its customers regarding a data breach via one of its service providers, Infosys McCamish Systems (IMS).
Image credit: JHVEPhoto / Shutterstock.com