Blue & Co., LLC Alerts Customers About Data Privacy Risk
On July 3, 2025, Blue & Co., LLC, a prominent financial consulting firm based in Carmel, Indiana, issued a critical alert regarding a data privacy incident that may impact the personal information of certain individuals. The company stressed the importance of safeguarding customer data and provided comprehensive details about the circumstances surrounding the event and ongoing investigations.
The episode began on December 9, 2024, when Blue detected unauthorized access to one of its servers. Although there is currently no evidence indicating that the information has been misused, the company took immediate action to assess the situation. They quickly isolated the affected server to mitigate any potential risk and engaged third-party forensic experts to assist in the investigation.
After thorough analysis, it became evident that unauthorized access occurred on November 7, 2024, for a brief period, during which data was compromised. Following this discovery, Blue enlisted third-party specialists to conduct an in-depth review of the potentially sensitive information accessed during the breach, finalized on May 20, 2025.
The investigation revealed that various types of personal health information, provided by several companies, might have been exposed. In line with best practices regarding data breaches, Blue conducted diligent efforts to gather address information for the individuals potentially impacted. Starting from July 8, 2025, the company will initiate direct notifications to these individuals to ensure transparency and provide them with guidance on protective steps they can take.
Among the categories of information that may have been compromised are:
- - Names,
- - Social Security numbers,
- - Driver's license numbers,
- - Passport numbers,
- - Financial account details,
- - Medical records,
- - Diagnosis and treatment information,
- - Health insurance specifics, and more.
Blue reiterated its commitment to data privacy and security, asserting that protecting client information is a top priority. The firm has robust security measures in place to uphold data integrity and confidentiality. In response to this incident, Blue has proactively alerted federal law enforcement and the U.S. Department of Health and Human Services to ensure they adhere to regulatory compliance.
For those whose mailing addresses are validated and who are potentially affected, a notification letter will be dispatched to inform them of the incident. Blue encourages anyone with questions or concerns related to this potential breach to contact their dedicated assistance line at 866-819-2990, which will be operational from July 7, 2025. Additionally, support can be accessed through the Blue website at
info.blueandco.com.
To protect against potential identity theft and fraud, the company advised individuals to monitor their financial accounts and review credit reports for unusual activity. In addition, Blue provided information on how to connect with the three major credit reporting agencies to obtain free credit reports or place fraud alerts and security freezes.
Finally, Blue & Co. emphasized the importance of vigilance among all clients in light of this data event. They curated additional resources to assist affected individuals in understanding the measures they can take to protect themselves from identity-related risks.
As the situation continues to evolve, Blue & Co. remains committed to resolving this issue and reassuring their clients of the safeguards implemented to prevent future incidents. Stay informed and proactive in monitoring your personal information as updates from Blue will be available through their official communication channels.