Over 950,000 individuals impacted in a BlackSuit ransomware attack targeting Connexure

28 Aug 2024

2 MIN read


Connexure, formerly known as Young Consulting, has informed 954,177 individuals in the U.S. that their personal information, including names and other identifiers, was exposed in a data breach that occurred on April 10th, 2024. The breach came to light after the BlackSuit ransomware group claimed responsibility on May 7th, threatening to release the data publicly if the company did not contact them within three days.

According to a report filed with the Office of the Maine Attorney General, Young Consulting detected technical issues on April 13th and immediately took steps to contain the incident by taking certain systems offline. With the help of a cybersecurity forensics firm, they discovered that an unauthorized party had accessed their network between April 10th and April 13th, 2024, and had downloaded various files.

The compromised data potentially includes a mix of names, Social Security numbers, birth dates, and insurance policy or claim details, with the specifics varying for each individual. These notifications are being issued on behalf of Blue Shield of California, a health plan and mutual benefit corporation.

However, a post on the BlackSuit ransomware group’s extortion site on the dark web suggests that the stolen data also includes business-related information (contracts, contacts, planning documents, etc.), employee data (passports, contracts, medical details, etc.), financial records, and other sensitive information. The post claimed that the data had already been publicly released, providing two links to it, though the validity of these claims had not been verified by Cybernews.

The ransomware group accused Young Consulting’s top management of refusing to negotiate, allegedly disregarding the personal information of their business partners and employees.

In response, Young Consulting assured affected individuals that they take the incident and information security very seriously. They have notified law enforcement and are reviewing their security policies and procedures to prevent future incidents. Additionally, the company is offering credit monitoring and identity theft restoration services at no cost to those impacted.

The FBI has previously warned about the increasing threat posed by BlackSuit ransomware, which is believed to be a rebrand of the notorious Royal ransomware group. This group has been targeting various critical infrastructure sectors and demanding ransoms as high as $60 million. Recently, the group also attacked automotive software provider CDK Global, impacting auto dealers across North America.