Data breach class actions begin to pile up against Prudential Insurance
ALPHV Blackcat, the "notorious" cybercrime group, is likely behind the attack, the complaint contended.
Saltz Mongeluzzi Bendesky and Strauss Borrelli filed a data breach class action Monday against Prudential Insurance Co. of America on behalf of more than 2 million current and former customers.
Prudential has been hit with three class actions in the U.S. District Court of New Jersey since the beginning of June in relation to the same cybercriminal attack.
Patrick Howard of Saltz Mongeluzzi and Samuel J. Strauss and Raina C. Borrelli of Strauss Borrelli represent the plaintiffs in the latest suit. The attorneys did not immediately respond to a request for comment.
According to the new lawsuit, Prudential was hacked on Feb. 4 through an employee’s computer account by a “third party believed to be associated with a cybercrime group,” compromising the class members’ personal identifying and health information.
ALPHV Blackcat, the “notorious” cybercrime group, is likely behind the attack, the complaint contended. The group is known for ransomware and data extortion. The personal data will also likely be sold on the dark web, the plaintiffs alleged.
Prudential allegedly did not train its employees well enough to identify phishing attempts or take adequate safety measures, the plaintiffs stated.
While the most recent lawsuit alleged more than 2 million customers were affected by the breach, the class action filed on June 7, Boyd v. Prudential Financial, stated that the estimated amount of people affected, according to an earlier report, was 36,545. The data breach class action filed on June 17, Adinolfi v. Prudential Financial, did not specify how many people’s personal information was stolen, but alluded to thousands of others affected in addition to the named plaintiff.
All the cases similarly alleged that the defendant has kept the class in the dark about what comes next to protect their information.
The complaint in the most recent case alleged the affected customers were not notified until July, “thereby depriving the class of the opportunity to try and mitigate their injuries in a timely manner.”
In addition, the plaintiffs pointed to an additional data breach that occurred at Prudential in 2023, which exposed the private information of more than 320,000 customers.
The plaintiffs brought the lawsuit under nine causes of action, including negligence, breach of implied contract, invasion of privacy, unjust enrichment, breach of fiduciary duty, declaratory judgment, and violations of the Washington Consumer Protection Act and the Washington Data Breach Disclosure Law.
Counsel for the defendant has yet to appear. Prudential did not immediately respond to a request for comment.
Related: