Prudential Insurance Co. of America has joined the growing number of firms engulfed in the massive MOVEit cyberattack that breached the personal information of millions of people.
In a data breach notification filed with Maine's attorney general office on Aug. 10, Prudential reported that 320,840 customers might have been affected by the hack that occurred May 29 and May 30.
The cyber criminals attacked scores of companies, including Prudential's third-party service vendor, Pension Benefit Information, which used the faulty MOVEit file transfer software that the thieves exploited to steal personal information.
In a letter to Prudential's affected customers, PBI noted that Prudential provides services for monthly retirement benefit payments on behalf of the $50.4 billion Western Conference of Teamsters Pension Trust Fund, Seattle, and other entities. It also offered customers 24 months of complimentary credit monitoring and identity restoration services.
One of the affected customers has already filed a class-action lawsuit against Prudential. On Aug. 15, Bruce Parker hit the company with a complaint in U.S. District Court for the District of New Jersey, alleging Prudential failed to safeguard the personally identifiable information of its customers and insurance agents.
"Defendant's failure to protect consumers' private information has harmed and will continue to harm over 320,000 of defendant's consumers," the complaint said.
The plaintiff is seeking monetary damages and injunctive and declaratory relief, including requiring Prudential to "meaningfully educate all class members about the threats that they face as a result of the loss of their confidential personal identifying information to third parties" and ordering the company to pay for not less than 10 years of credit monitoring services.
Prudential declined to comment on the breach notification and the lawsuit.
The Maine attorney general's office also declined to comment.