Young Consulting reports data breach exposing data of nearly 1 Million Blue Shield of California

Young Consulting LLC is reporting a data breach following the discovery of unauthorized access to confidential information on the company's IT network. Young Consulting LLC, a software company based in Atlanta, Georgia, offers software solutions tailored to the employer stop-loss market. The company’s products include ESL Office, BenefitConnect, Claim Pointe, and Xchange Center.

The security incident was initially detected on April 13, 2024, when Young Consulting experienced IT issues, prompting them to take systems offline. An investigation, aided by external cybersecurity experts, revealed that the unauthorized access occurred between April 10 and April 13, 2024. During this period, the unauthorized party downloaded files containing sensitive consumer data.

The ransomware group BlackSuit claimed credit for the attack and leaked stolen data.

The breach primarily impacted 954,177 members of Blue Shield of California, exposing sensitive personal data. The types of information that were compromised include:

• Names,
• Social Security numbers,
• Dates of birth,
• Insurance policy details,
• Claims information.

On August 26, 2024, the company began notifying all impacted individuals by sending data breach notification letters. These letters provide detailed information regarding the specific data that was compromised for each individual.