Strauss Borrelli PLLC, a leading data breach law firm, is investigating Blue & Co., LLC regarding its recent data breach. The Blue & Co. data breach involved sensitive personal identifiable information and protected health information belonging to an undetermined number of individuals.
ABOUT BLUE & CO., LLC:
Blue & Co. is an accounting firm based in Indiana.3 Today, Blue & Co. provides auditing, business planning, financial controls, mergers and acquisitions, and more to businesses across various industries, including agribusiness and healthcare.2,3 Headquartered in Carmel, Indiana, Blue & Co. has additional locations across Indiana, Kentucky, Ohio, Michigan, and Tennessee and employs over 200 individuals.3,4
WHAT HAPPENED?
Recently, Blue & Co. announced that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice, on December 9, 2024, Blue & Co. learned of an unauthorized actor who claimed to have taken data from a server in Blue & Co.’s IT environment.1 As a result, Blue & Co. launched an investigation to determine the nature of the incident.
Through its investigation, Blue & Co. confirmed that sensitive personal identifiable information and protected health information in its systems may have been accessed by an unauthorized third party on or around November 7, 2024.1 While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license number
- Passport number
- Individual tax identification number
- Financial account information with or without access credential
- Medical information (medical record number, diagnostic information, procedure type, admission date, patient identification number, Medicare identification number, billing / claims information, patient encounter number, treatment location, treatment cost, prescription information, mental or physical condition, treating/referring physician, diagnostic code)
- Health insurance information
- Username/password
As a result of the data breach, Blue & Co. posted a notice of the incident on its website. Additionally, on July 3, 2025, Blue & Co. began sending breach notification letters to impacted individuals.1 A link to the website breach notice is below.
If you received a breach notification letter from Blue & Co., LLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS
[1] https://info.blueandco.com/2025-blue-co.-llc-notification
[2] https://www.blueandco.com/industries/
[3] https://www.linkedin.com/company/blue-&-co–llc/about/
[4] https://www.blueandco.com/about-us/locations/
[5] https://www.prnewswire.com/news-releases/blue–co-llc-provides-notice-of-data-event-302497835.html