Published July 18, 2025 
read
Prudential security breach: what you should know and do
Prudential Financial, Inc. is a business leader with a strong presence in insurance and other financial services. The company manages over $1.5 trillion in assets but is making headlines for the wrong reasons, due to its recent data breaches over the last three years.
Our article discusses what happened during the Prudential security breach incidents, what information was compromised, and how these breaches may put you at risk. We’ll also guide you through how to protect yourself if you’ve been affected.
Did a Prudential hack happen?
Prudential has experienced several data breaches, with the most significant incident linked to a hacker group in 2024. A Prudential cyber attack also occurred in 2023 as a result of a third-party breach.
With its consecutive data breaches, Prudential reveals its struggle to protect the customer data. Here’s a chronological breakdown of Prudential’s security incidents.
Prudential security breach 2023: MOVEit file transfer incident
In 2023, a ransomware group named Clop exploited a vulnerability in Progress Software’s MOVEit transfer tool. Though Progress issued a patch quickly, Clop launched a widespread attack that affected government and business organizations worldwide including Delta Dental, Sony and even Amazon. This third-party attack against Prudential exposed Social Security numbers and other sensitive data of over 320,000 Prudential clients.
Prudential cyber attack 2024: the Alphv/BlackCat ransomware group hack
Last year, Prudential was targeted by the Alphv/BlackCat ransomware group, a cybercriminal organization that emerged in 2021 and operates under a Ransomware-as-a-Service (RaaS) model. Under this setup, developers supply the ransomware to affiliates, who then launch the attacks.
On February 5th, 2024, Prudential Insurance learned that hackers had stolen sensitive information of over 36,000 individuals. In a report from The Record, the company warned that a cybercrime organization had accessed user data from its IT systems. Some of the affected accounts belonged to employees and contractors. During the Prudential security breach, threat actors:
- Compromised users through an administrative account, most likely due to social engineering attacks.
- Stole sensitive data, including names, addresses, driver’s license numbers, and government IDs.
Prudential didn’t disclose the cyberattack until 52 days later. The delay is concerning as it indicates a lack of transparency and public disclosure. BleepingComputer first reported on February 16th about the Alphv/BlackCat ransomware group claiming responsibility for the attack. The group, notorious for its high-scale breaches worldwide, is also responsible for attacks targeting Loan Depot, Change Healthcare, Fidelity National Financial, Reddit, MGM casinos and many others
After completing its investigation, Prudential revised its initial estimate of 36,000 affected customers, revealing that the breach impacted at least 2.5 million individuals.
Prudential Financial breach 2025: what we know so far
Currently, authorities are investigating an alleged 2025 Prudential security breach. According to a JD Supra newsletter, Prudential Financial filed a notice with the Massachusetts Attorney General after discovering that an unauthorized party accessed its private systems. Prudential explains that the individual customer impacts could vary.
At this time, we know threat actors exposed personal information of customers who purchased annuity products, revealing:
- The customer’s full name
- Mailing address
- Date of birth
- Annuity account numbers
- The last four digits of individual Social Security numbers
Investigations into the cause of this latest Prudential security breach have yet to confirm how many customers are affected.
What data was exposed and why it matters
Across these Prudential security breach incidents, millions of individuals had their sensitive data compromised. Not everyone’s account was impacted the same way, but threat actors can still use the stolen data for identity theft, phishing attacks, and social engineering.
Prudential data breach incidents by year: what was compromised and who was affected
| Breach year | Exposed information | Breach impact |
|---|---|---|
| 2023 | Social Security numbers, dates of birth, mailing addresses, phone numbers | 320,840 Prudential accounts, mainly employees and job applicants |
| 2024 | Full names, mailing addresses, driver’s license numbers, non-driver ID card numbers | 2,556,210 people, including contractors and customers |
| 2025 | Full names, mailing addresses, dates of birth, last four digits of SSNs, annuity product details, policy/account numbers | Number unknown; leaked data tied to annuity products and financial client accounts |
Why is this important
Prudential maintains highly sensitive personal records from employees and customers, making them a high-value target for criminal organizations. Anyone associated with Prudential expects to maintain the most up-to-date cybersecurity systems. When threat actors expose your data, it opens the door to:
- Account access across many devices, which makes tracking fraudulent activity difficult
- New credit lines opened in your name
- Target phishing and impersonation scams
Whether threat actors engage in fraudulent activity or not, data breach victims remain at risk. Cybercriminals may hold stolen data for months or years, waiting for the opportunity to sell it on the dark web.
Did Prudential do enough in response?
Prudential has taken standard steps in response to each security breach, such as notifying those affected by the leak, offering complimentary credit monitoring services, and filing the appropriate disclosures with regulators. The company also hired cybersecurity experts to investigate the breaches.
Delayed disclosures
After the February 2024 ransomware attack, Prudential disclosed the breach to the SEC, but didn’t notify affected individuals until late April. According to Rogier Fischer, CEO and Co-founder of Hadrian Security, “the breach notification throws up several compliance issues.”
A delay of 52 days exceeds the 30-day limit mandated by many state laws and may give threat actors more time to misuse stolen information before organizations can respond.
Limited transparency
The financial services company acted swiftly and in line with expectations when handling security breaches. However, the company’s transparency in disclosing the full scope of incidents may draw criticism. During the 2024 and 2025 Prudential security breaches, the company initially reported lower numbers of impacted individuals, only to revise those figures upward weeks to months later.
Offered protections
Prudential offered those affected free Kroll credit monitoring for 24 months and identity theft protection, which is standard after a breach. The company is working to improve its cyber resilience and signal it takes cybersecurity seriously. According to a statement, the company has:
- A 24/7, global information security and privacy program led by cybersecurity professionals and legal experts. They focus on creating controls to manage how they collect, use, and store sensitive data in a way that addresses the reality of cybersecurity threats.
- Adaptive security measures that are regularly updated to respond to changing threats and environments.
- Increased its cybersecurity spending by 20%, signaling its renewed commitment to privacy and data protection.
No system is immune to cyberattacks, but Prudential is working to provide an infrastructure that can detect, contain, and respond to breaches more effectively.
What are the consequences of the Prudential security breach incidents
Prudential’s security breaches illustrate how limited disclosures, paired with consecutive data leaks, can lead to a breakdown in consumer confidence and legal consequences.
The consequences of the Prudential hacks are:
- Legal and financial fallout – A class action lawsuit was filed in New Jersey about the 2024 Prudential security breach. The plaintiff, Constance Boyd, alleged that Prudential was negligent and unnecessarily delayed breach notifications. The company denied any wrongdoing, but agreed to pay $4.75 million to resolve the lawsuit.
- Public frustration and loss of trust – Consumers go to Reddit for clarity and to express their frustration when security breaches happen. One Reddit user said, “I don’t even know what to do anymore when I get those data breach notifications…It’s obvious that these corporations face zero consequences, so what’s the point of even trying to stay on top of it?”
Financial data breaches are a serious threat. Why?
Financial data breaches don’t just cause lawsuits and reputational damage; they increase the long-term risks for anyone affected by them. Here’s the impact of a Prudential cyber attack:
- Financial data is a lucrative commodity. It is valuable because criminals can compile a complete profile of their next target, open new accounts, and launch damaging identity theft schemes. Bad actors often sell sensitive information in bulk to fuel their cybercrimes for years.
- Attackers continually evolve their tactics. They keep learning and finding new ways to use social engineering and manipulate their targets into revealing sensitive data.
- Criminals can bypass MFA. Bad actors can bypass MFA with real-time phishing kits or malware to intercept your MFA codes and gain access.
What to do if your Prudential data was exposed
The risks of a data breach are real, but they don’t have to mean disaster. If you received notification of a Prudential cyber attack, you should:
- Freeze your credit – Locking your credit file prevents threat actors from opening new accounts. This step is free and doesn’t affect your score.
- Use multi-factor authentication – Criminals may use targeted MFA attacks against you, but it remains an effective way to secure your account. Pair it with responsible security habits and app-based authenticators.
- Check your online accounts regularly – Unauthorized account transactions, settings changes, or new account alerts are red flags. Set up alerts for your bank account, credit card, and email providers to catch issues early.
- Check the dark web for your data – You can use tools like HaveIBeenPwned for leaked data or identity monitoring services to learn about dark web alerts.
- Use a password manager to rotate credentials- Reusing passwords makes you an easier target for cybercriminals. A password manager will help you generate and store a unique password.
- File a police report if fraud has already occurred – If your data exposure led to identity theft or other unauthorized activity file a police report. You may need one to dispute fraudulent charges.
How Onerep protects your online privacy
Users often overlook the consequences of their data exposure and how it can compromise their security. Data broker sites collect and sell your information online, providing a platform where bad actors can purchase personal data and exploit it for identity theft or fraud. Even if you’ve secured your account, data brokers can still leave you vulnerable to potential attacks.
The more places your data appears online, the higher your risk. Onerep can help you limit the risk and manage your digital footprint with:
- Automated data removal – We continuously scan and remove your personal information from 200+ high-risk broker and people-search sites.
- Ongoing monitoring – Data brokers can republish your data. Onerep keeps c monitoring these sites and removing your information wherever it appears, making it significantly harder for criminals to use against you.
FAQs
What do I do if I have a data breach with Prudential?
Start by ordering your free credit reports at AnnualCreditReport.com and checking for any accounts you don’t recognize. Also, make sure you take advantage of any free credit monitoring and identity theft protection services Prudential offers. You may also want to place a credit freeze or fraud alert and secure your accounts with new, strong passwords and 2FA.
Can I check if I have had a data breach?
If you were affected by a breach, Prudential should have notified you directly. Contact their support team if you suspect that your account was affected, or check official notices from Prudential and the Maine Attorney General.
What is the data breach lawsuit with Prudential?
Constance Boyd filed a class action lawsuit against Prudential Financial in June 2024. The suit alleged that the company failed to properly protect the plaintiff’s personally identifiable information and that of over 36,000 (the figure later revised to 2.5 million) other customers. On July 15, 2025 Prudential agreed to pay $4.75 million to settle the class action lawsuit.
Can I get compensation for a data breach?
Consumers who had their personal information compromised in the February 2024 Prudential security breach may be eligible to receive a cash payment from the class action settlement reached in July 2025.
Class members can submit a claim online or download a claim form here to complete and send by mail or email to the settlement administrator. All claims must be submitted, postmarked, or emailed no later than October 3, 2025.
If you are unsure whether you are a Class member, contact the Settlement Administrator at:
Prudential Data Incident Settlement
c/o Settlement Administrator
P.O. Box 25226
Santa Ana, CA 92799
(833) 360-6875
[email protected]
Mikalai is a Chief Technical Officer at Onerep. With a degree in Computer Science, he headed the developer team that automated the previously manual process of removing personal information from data brokers, making Onerep the industry’s first fully automated tool to bulk-remove unauthorized profiles from the internet.