- Kelly Benefits confirms thousands of users affected in breach
- Victims are offered free identification theft protection and credit monitoring
- The organization urges users to remain attentive
The Kelly Benefits insurance group has confirmed the suffering of a cyber attack in which it lost confidential information in more than half a million customers.
In a data violation notification published on its website, the company said that “suspicious activity” in its network led him to bring third -party forensic specialists for investigation, and the results showed that a threat actor breached the network between December 12 and 17, 2024, stealing “certain files.”
At the beginning of March 2025, Kelly Benefits determined that he lost the full names of people, social security numbers, fiscal identification numbers, birth dates, medical information, health insurance information and financial accounts information. The combination of stolen data varies from person to person.
Without attribution yet
As usual in these scenarios, the company also presented a new form before the Office of the Prosecutor of Maine, indicating exactly 553,660 people were affected by the attack.
Kelly Benefits provides Integrated Employee Benefits Administration, payroll processing, insurance brokerage and human resources services.
Only its payroll division serves north of 2,000 employers, processing around two million payment checks and issuing more than 100,000 W -2 forms annually. For benefits, it has more than 10,000 corporate clients and covers more than 8,000 people.
Among the companies that use their services (and as such, they are affected by the attack) are United Healthcare, Oneamerica Financial Partners and Human Insurance Ace.
The organization did not say who the threat actors were, or what they wanted to achieve. At the time of publication, no group attributed the responsibility of this attack, and the data has not yet leaked anywhere on the Dark website. Meanwhile, Kelly Benefits urged his clients to remain attentive and distrust possible phishing attacks, identity theft or fraud.
Affected persons are offered 12 months of free credit monitoring and identity theft protection services through IDX.
Through Bleepingcomputer
