Younger Consulting is sending data breach notifications to 954,177 individuals who had their info uncovered in a BlackSuit ransomware assault on April 10, 2024.
Younger Consulting (now Connexure) is an Atlanta-based software program options supplier specializing within the employer stop-loss market, aiding insurance coverage carriers, brokers, and third-party directors in managing, advertising and marketing, underwriting, and administering stop-loss insurance coverage insurance policies.
Yesterday, the agency began distributing notices of a data breach to nearly a million individuals, a few of whom are members of the Blue Defend of California, whose knowledge was stolen in a ransomware assault carried out earlier this 12 months by BlackSuit.
The community breach occurred on April 10, however the firm found it three days later when the attackers triggered the encryption of its techniques.
The following investigation was concluded on June 28, revealing that the next info had been compromised: full names, Social Safety numbers (SSNs), dates of start, and insurance coverage declare info.
These impacted will probably be given free-of-charge entry to a 12-month complimentary credit score monitoring service via Cyberscout, which they’ve till the top of November 2024 to say.
BlackSuit leaked the info
Probably impacted people ought to take quick benefit of this providing as BlackSuit has already leaked the stolen knowledge on its darknet-based extortion portal.
Additionally, they need to stay vigilant for unsolicited communications, phishing messages, scamming makes an attempt, and requests for extra info.
The risk actors claimed duty for the assault at Younger Consulting on Could 7. They adopted up on their threats to leak the stolen knowledge just a few weeks later, presumably after they did not extort the software program firm.
BlackSuit claimed to leak much more than what Younger Consulting disclosed on the notices to impacted people, together with enterprise contracts, contacts, displays, worker passports, contracts, contacts, household particulars, medical examinations, monetary audits, experiences, and funds, and numerous content material taken from private folders and community shares.
BleepingComputer has not independently verified these claims.
Supply: BleepingComputer
BlackSuit’s actions this 12 months have brought about large monetary injury to American organizations, with probably the most notable being the CDK International outage.
Earlier this month, CISA and the FBI reported that BlackSuit is a rebrand of Royal ransomware and has remodeled $500 million in ransom calls for over the past two years.
