Almost a million affected by Young Consulting breach, BlackSuit ransomware claims responsibility


Software solutions provider Young Consulting, now known as Connexure, has notified 954,177 individuals in the US that their names and other personal identifiers were leaked in a data breach that occurred on April 10th, 2024.

BlackSuit ransomware claimed the company on May 7th, and they gave Young Consulting three days to contact them if they wanted to protect the data. Otherwise, they threatened, “Everything will be released to the public.”

According to a filing with the Office of the Maine Attorney General, Young Consulting became aware of technical difficulties in their computer environment on April 13th.

ADVERTISEMENT

“We immediately took certain systems offline to contain the incident and launched an investigation, with the assistance of a cybersecurity forensics firm, to determine the nature and scope of the event. The investigation determined that an unauthorized actor gained access to Young Consulting’s network between April 10th, 2024, and April 13th, 2024, and downloaded copies of certain files,” the company stated.

Almost a million individuals should be aware that hackers obtained a combination of names, Social Security numbers, dates of birth, and insurance policy/claim information. The affected information varies by individual. Young Consulting is providing the notices on behalf of Blue Shield of California, a mutual benefit corporation and health plan.

However, the post on the BlackSuit extortion page on the dark web said that they stole the following:

  • Business data (contracts, contacts, planning, presentations, etc.)
  • Employee data (passports, contracts, contacts, family details, medical examinations, etc.)
  • Financial data (audits, reports, payments, contracts, etc.)
  • Other data taken from shares and personal folders

The data appears to have been posted publicly, as the gang provides two links to it. Cybernews has not yet checked the validity of the claims or their contents.

“Top management completely refused to negotiate, thinking that we are bluffing,” the BlackSuit post claims. “Business partners and employees – REMEMBER, Young Consulting management does not care about you or your personal information.”

Young Consulting reassures customers that it takes this event and information security very seriously and is committed to maintaining privacy. The company has notified law enforcement and is reviewing its policies, procedures, and processes to prevent anything like this from happening in the future.

The company offers credit monitoring and identity theft restoration services at no cost to the affected individuals.

ADVERTISEMENT

The FBI warned earlier this year that BlackSuit ransomware is rapidly spreading across various critical infrastructure sectors and demanding ransoms as high as $60 million from its victims. BlackSuit ransomware is suspected to be a rebrand of the infamous Royal ransomware group, sharing numerous coding similarities.

One of the gang’s recent attacks on automotive software provider CDK Global hit auto dealers across North America.