Young Life Data Breach Exposes PII of 51,226 Individuals

Young Life, a global religious organization dedicated to engaging with adolescents, recently experienced a significant data breach that exposed sensitive personal information of 51,226 individuals in the United States.

The breach occurred over two days, on June 13 and June 14, 2024, but was not discovered by the organization until November 18, 2024. Young Life disclosed the breach to several state attorney general offices on December 13, 2024.

The breach involved a range of sensitive information, including:

• Names
• Social Security numbers
• Driver’s license numbers
• Financial account information (e.g., account numbers, credit or debit card numbers)
• Medical information
• Health insurance information

The severity of this breach stems from the breadth of data exposed, which could leave affected individuals vulnerable to identity theft, financial fraud, and other malicious activities. While the exact method of the breach has not been disclosed, the exposure of such varied and sensitive data underscores the importance of vigilance for those impacted.

The breach affected individuals across multiple states, with 5,223 people in Texas, 34 in Maine, and 150 in Massachusetts among those whose data was compromised. Young Life began notifying affected consumers via U.S. mail on December 12, 2024.

Young Life's response

In response to the breach, Young Life has notified affected individuals by mail, beginning December 12, 2024. The organization has also filed disclosures with the attorney general offices in California, Maine, Massachusetts, and Texas, as required by law. These filings provide details about the breach and the number of individuals affected in each state.

While the specific measures Young Life has taken to secure its systems and prevent future breaches have not been disclosed, the organization’s notification efforts indicate an attempt to comply with legal obligations and inform those impacted.

Steps for affected individuals

If you have received a notification from Young Life regarding this data breach or believe you may have been affected, it’s important to take immediate steps to protect yourself. Given the sensitive nature of the information exposed, including Social Security numbers and financial account details, here’s what you should do:

1. Monitor your financial accounts and credit reports: Regularly review your bank statements, credit card activity, and credit reports for any unauthorized transactions or accounts. You can access free credit reports at AnnualCreditReport.com.
2. Consider placing a fraud alert or credit freeze: A fraud alert notifies creditors to take extra steps to verify your identity before opening new accounts. A credit freeze prevents new accounts from being opened in your name entirely. Both services are free and can be set up with the three major credit bureaus: Experian, Equifax, and TransUnion.
3. Watch for phishing attempts: Be cautious of unsolicited emails, phone calls, or messages requesting personal or financial information. Scammers may use information from the breach to impersonate trusted entities.
4. Change passwords and enable multi-factor authentication (MFA): If you have accounts associated with Young Life or other platforms that may have been compromised, update your passwords immediately. Use strong, unique passwords and enable MFA for an added layer of security.
5. Consider identity theft protection services: If your Social Security number was exposed, enrolling in an identity theft protection service may provide additional monitoring and support if your identity is misused.
6. Contact your health insurance provider: If your health insurance information was exposed, notify your provider and monitor your medical claims for any unauthorized activity.

By taking these steps, you can reduce the risk of identity theft and financial fraud.

For more details, you can view the disclosure on the Maine Attorney General’s website, Texas Attorney General’s website, Massachusetts Attorney General’s website, and California Attorney General’s website.