Prudential suffers data breach, personal agent and customer data affected

Prudential, the multinational insurance company, has revealed that two of its subsidiaries in Malaysia have been hit with a cybersecurity attack. Prudential Assurance Malaysia Bhd (PAMB) and Prudential BSN Takaful Bhd (PruBSN) have confirmed that they were victims of wave of MOVEit data theft attacks hitting companies across the world.

In a statement published on the Prudential Malaysia website, they explain that the MOVEit data attack has affected PAMB and PruBSN. The data breach appears to stem from a bug in the MOVEit Transfer solution software that’s reportedly being abused by ransomware gangs in the wild. Prudential states that once they realised what was going on , they immediately isolated the affected server while their response team began investigations and notified authorities.

Unfortunately, Prudential says that it’s highly likely that the personal data of both their agents and their customers were affected in the data theft. This includes names, contact numbers, ID numbers, bank account and partial credit card information details. Prudential does state though that the risk of unauthorised transactions are low as only partial credit card information was included.

Nevertheless, if you suspect that your credit card has been compromised, they recommend that you contact your card issuer directly. They also ask that you keep a constant eye on your bank account statements regularly for the time being, and to be cautious of any unsolicited communications.

You can read Prudential’s full statement below:

Prudential Assurance Malaysia Berhad (PAMB) and Prudential BSN Takaful Berhad (PruBSN) can confirm that we are among many companies around the world that have been affected by the global MOVEit data-theft attack, where a zero-day vulnerability was exploited.

Our customers and our agents are our highest priority and as soon as we became aware of the breach, we took action to isolate the affected server while the incident response team launched a thorough investigation. We have also notified relevant authorities.

It is very likely personal agent and customer data is affected which may include name, contact number, national identification number, bank account and/or partial credit card information. The risk of unauthorised transactions is reduced as only partial credit card information is included. Our investigation is still on-going. We are working to confirm this as quickly as we can.

Immediate steps are being taken to notify impacted customers and provide appropriate support. We have also set up a dedicated hotline with extended hours that our customers can call now.

To safeguard yourself, we recommend our agents and customers to:

• Remain cautious of any unsolicited communications
• Avoid clicking on links or downloading attachments from suspicious email
• Review your bank accounts and credit card statements regularly
• If you are suspicious that your credit card is compromised in any manner, we recommend that you contact your card issuer directly.

Globally, cyber security attacks are increasing. We are constantly reviewing and updating our defence systems and we have responded swiftly to this vulnerability in the MOVEit software.

Our businesses remain fully operational and there is no impact to our customer operations.

Customer hotline:
Tel: 03-2771 2480 (PAMB) or 03-2742 4060 (PruBSN)
(Mon to Fri) – 8:30am to 7pm & (Sat) – 8:30am to 1pm