Kelly Benefits Data Breach Exposes Dozens of Companies
▼ Summary
– Over 550,000 individuals were affected by a 2024 data breach at Kelly Benefits, a major US benefits administration company.
– The breach involved unauthorized access to Kelly Benefits’ IT systems between December 12-17, 2024, leading to data theft.
– Impacted clients include major firms like UnitedHealthcare, CVS Health, and The Guardian Life Insurance Company.
– Stolen data includes sensitive information such as Social Security numbers, medical details, and financial account data.
– Kelly Benefits is offering free credit monitoring and identity protection services to affected individuals.
A major data breach at Kelly Benefits has compromised sensitive information belonging to over half a million individuals, including employees of prominent healthcare and financial organizations. The incident, which occurred in late 2024, exposed personal and financial details, raising concerns about potential identity theft and fraud.
Kelly Benefits, a leading provider of benefits administration and payroll solutions, serves numerous high-profile clients such as UnitedHealthcare, CVS Health, and The Guardian Life Insurance Company. The breach impacted 553,660 people, according to filings with the Office of the Maine Attorney General. Unauthorized access to the company’s systems between December 12 and 17, 2024, allowed attackers to copy sensitive files before being detected.
Investigating the breach proved challenging due to the extensive network of affected organizations. Kelly Benefits identified 45 client companies whose data was compromised, requiring a meticulous review to determine which individuals were impacted. The analysis, completed in early 2025, revealed that stolen information included names, Social Security numbers, tax IDs, dates of birth, medical records, and financial account details, valuable data for cybercriminals engaging in phishing or identity theft.
In response, Kelly Benefits is offering free credit monitoring and identity protection services to those affected. The company also recommends placing fraud alerts or credit freezes to mitigate risks. Given the sensitivity of the exposed data, experts urge victims to remain vigilant against suspicious activity, as stolen personal information often resurfaces in fraudulent schemes long after the initial breach.
This incident underscores the growing threat of cyberattacks targeting third-party service providers, which often store vast amounts of sensitive data for multiple organizations. Businesses relying on such vendors must prioritize robust cybersecurity measures to prevent similar breaches in the future.
(Source: Infosecurity)
