Insurance software giant reveals nearly a million customers hit by ransomware risk

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

Young Consulting has confirmed it lost sensitive data on almost a million people in a ransomware attack that happened earlier in 2024.

The company confirmed the news by sending out data breach notification letters to exactly 954,177 customers, which said it became aware of “technical difficulties” in its computer environment in mid-April 2024.

After an investigation, in which third-party forensics firms were involved, the company concluded that its network was accessed between April 10 and 13, and during these three days, malicious actors managed to steal sensitive data, and then encrypt the systems to demand a ransom payment.

BlackSuit attacks

Among the data stolen were people’s names, Social Security Numbers (SSN), birth dates, and insurance policy/claim information. The company says it is still looking into what types of data were taken, but added that Blue Shield was impacted. Blue Shield of California is a mutual benefit corporation and health plan founded in 1939 by the California Medical Association.

Young Consulting is a company that specializes in providing software solutions tailored for the employer stop-loss insurance marketplace. It develops integrated software designed to assist carriers, brokers, and third-party administrators in the marketing, underwriting, and administration of medical stop-loss insurance.

The company did not state who the threat actors were, but BleepingComputer reports that a threat actor by the name BlackSuit assumed responsibility and already leaked the stolen data.

The difference here is that the threat actors claim to have stolen a lot more than what Young Consulting says, including business contracts, contacts, presentations, employee passports, contracts, contacts, family details, medical examinations, financial audits, reports, and payments, and various content taken from personal folders and network shares.

Individuals who fear their data may have been stolen should reach out to Young Consulting, since the company is providing credit monitoring and identity theft protection services for free.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.