Insurance group Kelly Benefits says over half a million people now affected in major data breach – here’s what we know
- Kelly Benefits confirms thousands of users affected in breach
- Victims are offered free ID theft protection and credit monitoring
- The organization urges users to remain vigilant
Insurance group Kelly Benefits has confirmed suffering a cyberattack in which it lost sensitive information on more than half a million customers.
In a data breach notification published on its website, the company said “suspicious activity” on its network prompted it to bring in third-party forensic specialists for an investigation – and the results showed a threat actor breaching the network between December 12 – 17, 2024, stealing “certain files”.
By early March 2025, Kelly Benefits determined that it lost people’s full names, Social Security numbers, tax ID numbers, dates of birth, medical information, health insurance information, and financial account information. The combination of the data stolen varies from person to person.
Get 55% off Incogni’s Data Removal service with code TECHRADAR
Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.View Deal
No attribution yet
As is usual in these scenarios, the company also filed a new form with the Office of the Maine Attorney General, stating exactly 553,660 individuals were affected by the attack.
Kelly Benefits provides integrated employee benefits administration, payroll processing, insurance brokerage, and HR services.
Its payroll division alone serves north of 2,000 employers, processing around two million paychecks and issuing more than 100,000 W‑2s forms annually. For benefits, it counts more than 10,000 corporate clients, and covers more than 8,000 individuals.
Among the companies using its services (and as such, being affected by the attack) are United Healthcare, OneAmerica Financial Partners, and Humana Insurance ACE.
The organization did not say who the threat actors were, or what they were looking to achieve. At press time, no groups claimed responsibility for this attack, and the data is yet to leak anywhere on the dark web. In the meantime, Kelly Benefits urged its customers to remain vigilant, and be wary of potential phishing attacks, identity theft, or fraud.
Affected individuals are offered 12 months of free credit monitoring and identity theft protection services through IDX.
Via BleepingComputer
You might also like
- Major US healthcare data provider hit by data breach – over 5 million patients affected, here’s what we know
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
