Young Consulting LLC recently disclosed a significant data breach affecting approximately 1,071,336 individuals across the United States. The breach occurred between April 10 and April 13, 2024, and was discovered by the company on June 28, 2024. According to official disclosures, unauthorized individuals gained access to sensitive personal and medical information.
The compromised data included personally identifiable information (PII) such as names, addresses, Social Security numbers, dates of birth, insurance claim details, tax ID numbers, and insurance policy information.
Additionally, the breach exposed protected health information (PHI), including medical records, health insurance information, prescription details, provider names, and other sensitive health-related data.
Young Consulting LLC reported the breach to multiple state Attorney General offices, including the California Attorney General on April 14, 2025, the Maine Attorney General on April 14, 2025, the Texas Attorney General on January 31, 2025, and the New Hampshire Attorney General on April 11, 2025. The number of affected individuals varies by state, with Texas reporting 62,276 affected residents, Massachusetts reporting 8,345 affected residents, Maine reporting 1,173 affected residents, and New Hampshire reporting 28 affected residents.
The company notified affected individuals on several occasions, including August 26, 2024, and April 11, 2025. Notifications were sent through written notices via U.S. Mail and posted on a dedicated company website.
Given the severity of the breach and the sensitive nature of the exposed data, affected individuals should carefully monitor their financial accounts, credit reports, and health insurance statements for any unusual activity. Consumers are advised to consider placing fraud alerts or credit freezes on their credit reports through major credit bureaus.
For additional details about the breach and protective measures, affected individuals can review the official disclosures provided to the Attorney General offices of the following states:
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.