- Kelly Benefits confirms thousands of users affected by a breach
- Victims are offered free protection for identity theft and credit monitoring
- The organization urges users to remain vigilant
The Kelly Benefits insurance group has confirmed the suffering of a cyber attack in which it has lost sensitive information on more than half a million customers.
In a data violation notification published on its website, the company said that “suspicious activity” on its network prompted it to call on a third party specialists for an investigation – and the results showed a threat player who violated the network between December 12 and 17, 2024, the theft of “certain files”.
In early March 2025, Kelly’s benefits determined that he lost the full names of people, social security numbers, tax identity numbers, birth dates, medical information, health insurance information and financial accounts. The combination of stolen data varies from person to person.
No allocation
As usual in these scenarios, the company also filed a new form with the Maine prosecutor’s office, declaring exactly that 553,660 people were affected by the attack.
Kelly Benefits provides an administration of integrated benefits, payroll processing, insurance brokerage and HR services.
Its payroll division alone served north of 2,000 employers, treating approximately two million pay checks and issuing more than 100,000 W – 2S per year. For benefits, it has more than 10,000 business customers and covers more than 8,000 people.
Among the companies using its services (and as such, affected by the attack) are United Healthcare, Oneamerica Financial Partners and Humana Insurance Ace.
The organization did not say who were the actors of the threat or what they were trying to achieve. At the time of the press, no group has claimed the responsibility of this attack, and the data must still flee anywhere on the Dark Web. In the meantime, Kelly Benefits urged his customers to remain vigilant and to be wary of potential phishing attacks, identity theft or fraud.
The affected people are offered 12 months of free credit and identity monitoring services via IDX.
Via Bleeping Compompute
