Young Consulting says cyber attack impacted close to a million individuals

Atlanta-based software developer Young Consulting said that a data security incident it suffered earlier this year compromised the sensitive personal information of close to one million individuals.

In a filing with the Office of Maine Attorney General, Young Consulting said that on April 13, it identified suspicious activity in its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took the affected systems offline and notified law enforcement about the incident.

“The investigation determined that an unauthorised actor gained access to Young Consulting’s network between April 10, 2024, and April 13, 2024, and downloaded copies of certain files,” the software development firm said.

The compromised data included names, Social Security numbers, dates of birth, and insurance claim information. Young Consulting’s filing with the Maine state regulator also revealed that it identified at least 954,177 individuals whose personal data was compromised during the incident.

“Upon learning of the incident, we took immediate steps to secure our computer environment, investigate the activity, and notify law enforcement. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our policies, procedures, and processes related to the storage and access of sensitive information to prevent something like this from happening in the future,” the company added.

While Young Consulting found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

In May, the BlackSuit ransomware group 

responsibility for a cyber attack on Young Consulting and listed the company as a victim on its data leak site. It is not clear whether the company engaged with the hackers or paid a ransom to regain access to the stolen data.