Skip to main content
data on computer data on computer

Young Consulting Data Breach | Blue Shield of California

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating the reported Young Consulting data breach that allegedly impacted almost a million individuals. Blue Shield of California has announced on their website that many of their clients may have had their Social Security numbers and personal health data compromised.

Contact our data breach lawyers if you believe your personal information was accessed and leaked in this data security incident. We believe very strongly that any entity that collects and stores your private health information and personal data has a duty to properly protect it with robust IT security. Companies that suffer data theft incidents can be held accountable for related financial damages. Our firm has filed numerous data breach lawsuits on behalf of plaintiffs nationwide.

What Happened at Young Consulting?

A large software solutions provider called Young Consulting, operating out of Atlanta, Georgia, has started notifying 954,000 individuals that their personal information was likely compromised in a data breach.

The IT security event was apparently first discovered on April 13, when the company had “technical difficulties” within its IT network. The company launched an initial investigation with the help of cybersecurity professionals, and concluded that hackers accessed its network between April 10 and April 13, 2024. The cyber attackers allegedly copied files containing the following personal information:

  • Names
  • Dates of birth
  • Social Security numbers
  • Insurance policy/claim information
  • Prescriptions
  • Provider names

The compromised data is linked to clients of health insurer Blue Shield of California and other related entities. Blue Shield of California has admitted that a third-party vendor notified it of a data breach impacting “health plan members’ information.” Blue Shield of California has alerted their clients in an online notice that they received notification from Young Consulting, who provides risk management services.

In May, the BlackSuit ransomware group added Young Consulting to its leak site, claiming the theft of various types of data. The ransomware gang has allegedly made the stolen data available for download, indicating their victim did not pay a ransom demand. The BlackSuit group said that they stole and later released the following:

  • Business data (contracts, contacts)
  • Employee data (passports, contracts, contacts, family details, medical examinations)
  • Financial data (audits, reports, payments)
  • Other data taken from personal folders