BlackSuit ransomware stole data of 950000 from software vendor

BlackSuit ransomware stole data of 950000 from software vendor. Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024.

Young Consulting (now Connexure) is an Atlanta-based software solutions provider specializing in the employer stop-loss marketplace, assisting insurance carriers, brokers, and third-party administrators in managing, marketing, underwriting, and administering stop-loss insurance policies.

Yesterday, the firm started distributing notices of a data breach to almost one million people, some of whom are members of the Blue Shield of California, whose data was stolen in a ransomware attack conducted earlier this year by BlackSuit.

The network breach occurred on April 10, but the company discovered it three days later when the attackers triggered the encryption of its systems.

The ensuing investigation was concluded on June 28, revealing that the following information had been compromised: full names, Social Security numbers (SSNs), dates of birth, and insurance claim information.

Those impacted will be given free-of-charge access to a 12-month complimentary credit monitoring service through Cyberscout, which they have until the end of November 2024 to claim.

BlackSuit leaked the data

Potentially impacted individuals should take immediate advantage of this offering as BlackSuit has already leaked the stolen data on its darknet-based extortion portal.
Also, they should remain vigilant for unsolicited communications, phishing messages, scamming attempts, and requests for additional information.

The threat actors claimed responsibility for the attack at Young Consulting on May 7. They followed up on their threats to leak the stolen data a few weeks later, presumably after they failed to extort the software company.

BlackSuit claimed to leak a lot more than what Young Consulting disclosed on the notices to impacted individuals, including business contracts, contacts, presentations, employee passports, contracts, contacts, family details, medical examinations, financial audits, reports, and payments, and various content taken from personal folders and network shares.

BleepingComputer has not independently verified these claims.

BlackSuit’s activities this year have caused massive financial damage to American organizations, with the most notable being the CDK Global outage.

Earlier this month, CISA and the FBI reported that BlackSuit is a rebrand of Royal ransomware and has made over $500 million in ransom demands over the last two years.