Young Consulting has confirmed that confidential data belonging to nearly one million people was lost in a ransomware attack in early 2024.
The company confirmed the news by sending data breach notification letters to exactly 954,177 customers, stating that it became aware of “technical difficulties” in its computing environment in mid-April 2024.
After an investigation that also involved third-party forensics firms, the company concluded that its network was accessed between April 10 and 13 and that during those three days, malicious actors managed to steal sensitive data and subsequently encrypt the systems to demand a ransom payment.
BlackSuit Attacks
The stolen data included names, social security numbers (SSN), birth dates, and insurance policy/claim information. The company says it is still investigating what type of data was stolen, but added that Blue Shield was affected. Blue Shield of California is a mutual health insurance company founded in 1939 by the California Medical Association.
Young Consulting is a company specializing in providing customized software solutions for the employer stop-loss insurance market. The company develops integrated software that assists carriers, brokers and third-party administrators in the marketing, underwriting and administration of medical stop-loss insurance.
The company did not disclose who the threat actors were, but PiepComputer reports that a threat actor named BlackSuit has claimed responsibility and has already shared the stolen data.
The difference is that the threat actors claim to have stolen much more than Young Consulting states, including business contracts, contacts, presentations, employee passports, contracts, contacts, family data, medical examinations, financial audits, reports and payments, as well as various content from personal folders and network shares.
Individuals who fear their information has been stolen should contact Young Consulting, as the company offers free credit monitoring and identity theft protection services.
