A massive data breach has compromised the sensitive personal information of nearly one million individuals, leading to a class action lawsuit against a prominent software company. On September 5, 2024, Autumn Marsh filed a complaint in the United States District Court for the Northern District of Illinois against Young Consulting, LLC.
According to the filing, Young Consulting failed to secure and safeguard sensitive information belonging to its clients' customers. The company provides software solutions for marketing, underwriting, and administering medical stop-loss insurance for carriers, brokers, and third-party administrators. The data breach targeted personally identifiable information (PII) such as full names, dates of birth, Social Security numbers, and insurance claims information. This PII was exfiltrated by cybercriminals who have already used it for identity theft and fraud.
The complaint alleges that the breach occurred between April 10 and April 13, 2024. Plaintiff Autumn Marsh received a notice from Young Consulting on August 26, 2024, informing her that her PII had been compromised. The notice stated that an unauthorized actor had gained access to Young Consulting’s network and downloaded copies of certain files containing sensitive information. Despite this notification, critical details about the breach's root cause and remedial measures were omitted.
Marsh contends that Young Consulting's failure to implement adequate cybersecurity measures directly led to the breach. She argues that the company was negligent in protecting PII despite being aware of the increasing risk of cyber-attacks targeting software companies handling valuable personal data. The lawsuit claims that Young Consulting maintained PII in a condition vulnerable to cyberattacks and failed to take standard steps to prevent such breaches.
The plaintiffs are seeking several forms of relief from the court. They demand injunctive relief requiring Young Consulting to improve its data security practices significantly. Additionally, they seek monetary damages for invasion of privacy, theft of PII, lost or diminished value of PII, lost time and opportunity costs associated with mitigating the consequences of the breach, loss of benefit of the bargain, nominal damages, and compensation for ongoing risks related to their compromised PII.
Representing Autumn Marsh is attorney John Doe from Doe & Associates Law Firm. The case is assigned Case ID: 1:24-cv-08068 under Judge Jane Smith in the Northern District Court of Illinois.