Kelly Benefits data breach compromised over half a million individuals

More than 550,000 individuals had their sensitive data compromised in a December cyber incident at Kelly & Associates Insurance Group, the company revealed.

 

In a data security incident notice filed with the Office of Maine Attorney General, Kelly Benefits, said that on March 3, it identified suspicious activity in its internal network and immediately launched an investigation to determine the nature and scope of the incident.

 

“Our investigation determined our environment was subject to unauthorised access between December 12, 2024 and December 17, 2024 and certain files were copied and taken,” it said.

 

The compromised data included names, dates of birth, Social Security Numbers, tax ID numbers, medical information, health insurance information, and financial account information. 

 

Initially, in its filing with the Maine state regulator, Kelly Benefits reported that 263,893 individuals were affected by the breach. However, this number was later revised multiple times, with the latest filing indicating that as many as 553,660 people were impacted by the incident.

 

The company also notified the Attorney General on behalf of several impacted customers, including Amergis, Beam Benefits, Beltway Companies, CareFirst, Quantum Real Estate Management, and more.

 

“Upon discovery, we reported this matter to the Federal Bureau of Investigation. As is our typical practice, we will continue to review our already robust security policies, procedures, and tools as part of our ongoing commitment to information security,” the benefits and payroll solutions provider added.

 

While Kelly Benefits found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.