- The Kelly advantage confirms thousands of users affected in violation
- Victims offered free ID -Theft Protection and Credit Monitoring
- The organization encourages users to remain vigilant
Insurance group Kelly Benefits has confirmed to suffer a cyberattack where it lost sensitive information about more than half a million customers.
In a message of violation of data published on its website, the company said “suspicious activity” on its network caused it to bring in a third -party forensic specialists to a study – and the results showed a threat actor who violated the network between 12 – 17 December 2024 and stole “certain files”.
At the beginning of March 2025, Kelly provided the benefits that it lost people’s full names, social security number, tax -id numbers, date of birth, medical information, health insurance information and financial account information. The combination of the stolen data varies from person to person.
No attribution yet
As is usual in these scenarios, the company also submitted a new form to the Maine Attorney General Office, stating that exactly 553,660 individuals were affected by the attack.
Kelly benefits provide integrated management of employee benefits, payroll treatment, insurance broker and HR services.
Its payroll department only serves north of 2,000 employers, processes about two million paychecks and issues more than 100,000 W -2S forms annually. For benefits, it counts more than 10,000 corporate customers and covers more than 8,000 individuals.
Among the companies that use their services (and as such that are affected by the attack) are United Healthcare, OneSamerica Financial Partners and Humana Insurance Ace.
The organization did not say who the threat actors were or what they were looking to achieve. At the time of the press, no groups assumed the responsibility for this attack, and the data is not yet delicious everywhere on the dark web. Meanwhile, Kelly urged the benefit of his customers to remain vigilant and be wary of potential phishing attacks, identity theft or fraud.
Affected persons are offered 12 months of free credit monitoring and identity theft -protection services through IDX.
Via Bleeping computer
