950,000 Credentials Stolen in Young Consulting Breach

In a significant cybersecurity breach, Young Consulting, a software solutions provider based in Atlanta, disclosed that the personal information of 954,177 individuals was compromised in a ransomware attack. The attack was reportedly conducted by the BlackSuit group on April 10, 2024, and targeted sensitive data, including names, Social Security numbers, dates of birth, and insurance claim information.

Young Consulting, now rebranded as Connexure, detected the breach three days later on April 13, when it "became aware of technical difficulties" within its environment, as reported by SecurityWeek. The company immediately took its systems offline and launched an investigation with the help of a cybersecurity forensics firm to determine the nature and scope of the incident.

The attackers maintained access to Young Consulting’s network for three days, during which they exfiltrated a significant amount of sensitive data. According to a report by BleepingComputer, the compromised information includes data belonging to members of Blue Shield of California, one of Young Consulting’s clients.

In a statement, Young Consulting assured its clientele that it "takes this event and the security of information in our care very seriously" and that it has begun notifying impacted individuals. The company is also offering 12 months of complimentary credit monitoring and identity theft protection services through Cyberscout to those affected.

BlackSuit, a rebrand of the notorious Royal ransomware group, has been linked to several high-profile cyberattacks in recent years. The group claimed responsibility for the Young Consulting breach on May 7, 2024, and subsequently leaked the stolen data after the company refused to negotiate. The leaked information allegedly includes business contracts, employee details, and financial data, far exceeding the scope of stolen data that was disclosed by Young Consulting.

The CISA and FBI have since issued an updated alert, warning that BlackSuit has demanded ransoms ranging from $1 million to $60 million in Bitcoin, with a total of over $500 million demanded since the group’s emergence.

This attack spotlights the growing threat posed by ransomware groups like BlackSuit, which utilize advanced tactics to infiltrate networks, exfiltrate data, and encrypt systems.