Young Consulting has confirmed that it lost sensitive data on almost a million people in a ransomware attack that occurred earlier in 2024. The company made this known by sending breach notification letters to exactly 954,177 customers, detailing the incident and its impact. The breach occurred between April 10 and 13 when malicious actors accessed Young Consulting’s network, stole sensitive data, and encrypted the systems to demand a ransom payment.
An investigation involving third-party forensic firms revealed the extent of the breach. Among the stolen data were names, Social Security Numbers (SSNs), birth dates, and insurance policy/claim information. Young Consulting is still investigating the types of data taken and noted that Blue Shield was affected.
Young Consulting data breach details
Blue Shield of California is a mutual benefit corporation and health plan founded in 1939 by the California Medical Association. Young Consulting specializes in providing software solutions tailored for the employer stop-loss insurance marketplace.
It develops integrated software designed to assist carriers, brokers, and third-party administrators in the marketing, underwriting, and administration of medical stop-loss insurance. The company did not disclose the identity of the threat actors, but BleepingComputer reported that a group named BlackSuit claimed responsibility and has already leaked the stolen data. The threat actors allege to have stolen more than what Young Consulting has admitted, including business contracts, contacts, presentations, employee passports, family details, medical examinations, financial audits, and various content from personal folders and network shares.
Individuals who fear their data may have been stolen should reach out to Young Consulting. The company is providing credit monitoring and identity theft protection services for free.
