Young Consulting confirmed the loss of sensitive data impacting almost a million people because of a ransomware attack in early 2024. The company revealed the situation by sending data breach notifications to 954,177 customers, alerting them that technical issues had been discovered in its IT systems in mid-April 2024.
Connexure, originally Young Consulting, is a software solutions company located in Atlanta. The company work with insurance carriers, brokers, and third-party administrators to manage, market, underwrite, and administer employer stop-loss policies.
A security breach occurred in the company’s network between April 10 and 13. Attackers stole sensitive data and encrypted systems to demand a ransom.
In a document sent to the Maine Attorney General’s Office, Young Consulting stated that it discovered some technical issues:
We immediately took certain systems offline to contain the incident and launched an investigation, with the assistance of a cybersecurity forensics firm, to determine the nature and scope of the event. The investigation determined that an unauthorized actor gained access to Young Consulting’s network between April 10th, 2024, and April 13th, 2024, and downloaded copies of certain files.
According to the software developer, the data breach affected Blue Shield of California and other organisations. Young Consulting, which provides integrated software solutions for medical stop-loss organisations, alerted Blue Shield to the attack.
Blue Shield has subsequently issued a warning, stating that the hack exposed health plan members’ information.
An investigation, which completed on June 28, discovered that full names, Social Security numbers (SSNs), dates of birth, and insurance claim data had been stolen.
Young Consulting Data Exposed on Darknet
The BlackSuit ransomware group targeted Young Consulting on its Tor-based leak site in early May. The hackers allegedly posted the stolen data on the darknet site after the company declined to meet their demands.
Following the May 7 attack, the responsible group, BlackSuit, claimed to have revealed additional stolen data, surpassing what Young Consulting had previously disclosed.
According to reports, the leaked data included financial records, employee passports, corporate contracts, medical information, and files from network shares and personal folders.
Young Consulting takes information security and privacy very seriously. In response to this incident, the company has alerted law enforcement and is investigating its rules to prevent future incidents. Affected customers will receive free credit monitoring and identity theft repair services.
BlackSuit, suspected to be a renamed Royal ransomware group, recently attacked CDK Global, a major automotive software provider, impacting dealers across North America.
FBI issued a warning about the fast spread of BlackSuit ransomware, which targets critical systems and demands as much as $60 million.
Defenders should focus on patching known vulnerabilities, enabling multi-factor authentication, and training users to recognise and report phishing attempts.
Reducing an organisation’s vulnerability to a successful attack should be a priority in cyber-risk decision-making as we enter this next phase of attack sophistication and complexity.
Continuously phishing and security awareness training is an important aspect to helping satisfy the first side of the information security triangle which consists of “people”, “process” and “technology.