Between December 12 and December 17, 2024, unauthorized actors infiltrated the systems of Kelly & Associates Insurance Group, operating as Kelly Benefits. Initial reports in early April indicated around 32,000 affected individuals, but subsequent notifications to the Maine Attorney General’s Office revealed the breach ultimately exposed data for over 413,000 people. The compromised files contained highly sensitive personal information, including names, Social Security numbers, dates of birth, tax identification numbers, financial account details, and medical and health insurance records. Kelly & Associates completed an extensive file-by-file review in March 2025, reported the incident to the FBI, and began notifying impacted individuals on behalf of several major clients. No ransomware group has claimed responsibility, and the company has declined further comment due to investigation sensitivity. Affected individuals are being offered 12 months of free credit monitoring and identity protection, while multiple law firms pursue potential class action lawsuits alleging negligence under HIPAA and other regulations.
Source: https://cybersecuritynews.com/kelly-associates-data-breach/
"id": "kel1051050625",
"linkid": "kellybenefits",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"