Young & Company Data Breach Investigation
According to a filing with the Maine Attorney General, Young & Company reported a hacking-related data incident and said written notices were mailed to affected individuals. Public records identify Young & Company as a financial services business based in Lake Mary, Florida. The filing does not publicly list the total number of affected individuals, but it does say one Maine resident was notified and that 12 months of IDX credit monitoring and identity protection were offered. If you received a notice, review it closely and consider filling out the form on this page to see whether you may qualify for a claim.
Young & Company is a Florida-based financial services business in Lake Mary, Florida. Public regulatory records identify it as a financial services entity and list a Lake Mary address. If you received a notice connected to Young & Company, the summary below explains what the public filing says and what steps may help protect you.
Key Facts at a Glance
- Company: Young & Company
- Industry: Financial Services
- Location: Lake Mary, Florida
- Incident type reported: External system breach (hacking), according to the Maine Attorney General filing
- Reported incident date: February 24, 2025
- Reported discovery date: March 31, 2026
- Consumer notice date: May 11, 2026
- Information that may have been involved: Name and Social Security number, based on the structured incident data; the public filing text is limited
- Known affected count: The total number of affected individuals was not publicly listed; the filing identifies 1 Maine resident
- Protection offered: 12 months of IDX credit monitoring and identity protection
- Company contact listed in the filing: (407) 936-2500
What Happened?
According to the Maine Attorney General filing, Young & Company reported that an external system breach or hacking event occurred on February 24, 2025 and was discovered on March 31, 2026. The same filing says written notice to affected consumers was sent on May 11, 2026. Publicly available records do not list the total number of affected people nationwide, so the full scope is unclear from the filing alone.
What Information Was Exposed?
The available public records do not reproduce a complete, easy-to-read list of data elements. The structured incident data associated with this event indicates that names and Social Security numbers may have been involved. Because the accessible Maine filing text is limited, affected individuals should review any letter they received carefully to confirm exactly what Young & Company says was involved in their case.
If a Social Security number was involved, the risk can include identity theft, tax fraud, new-account fraud, or other misuse of personal information over time. Even if no misuse is immediately visible, it is still reasonable to monitor credit reports and account activity closely.
What Should You Do Next?
- Read your notice carefully. Confirm what Young & Company says may have been involved and keep the letter for your records.
- Use the protection that was offered. The filing says 12 months of IDX credit monitoring and identity protection were available, which may help with early detection of misuse.
- Check your credit and consider extra safeguards. If your Social Security number may have been involved, review your credit reports and consider placing a fraud alert or credit freeze.
- Watch for suspicious activity. Review bank statements, tax records, insurance correspondence, and other important accounts for unfamiliar charges or notices.
- Document problems and ask questions early. Keep screenshots, letters, and notes if you notice anything unusual. If you want to understand your legal options, you can fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
When a company reports a data incident involving sensitive personal information, affected individuals may have legal rights depending on the facts, the company's security practices, the timing of notice, and the laws that apply. In some situations, people may seek recovery for out-of-pocket losses, time spent addressing the issue, or other harm linked to the incident.
That does not mean every reported incident leads to a lawsuit or recovery. But if you received a notice, it can make sense to preserve the letter, document any suspicious activity, and speak with counsel about whether an investigation or claim may be appropriate.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents individuals in data breach and privacy matters and has experience evaluating reported cyber incidents, notice timing, and the real-world impact on affected consumers. Our team works to explain the facts clearly, investigate potential claims, and pursue accountability where the law supports it.
If you received a Young & Company notice or have concerns about possible misuse of your information, Strauss Borrelli PLLC can help you understand your options in plain English and assess whether further action may be warranted.
If you received a breach notification letter from Young & Company:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
