Kelly Benefits, one of America’s largest benefits administration specialists, suffered a significant data breach in 2024. Over half a million individuals were affected, including clients from major healthcare providers, insurers, and financial services firms. The breach, which occurred between December 12 and 17, 2024, involved unauthorized access to the company's IT environment, resulting in the copying and theft of files containing sensitive personal information. The stolen data included names, Social Security numbers, tax ID numbers, dates of birth, medical information, health insurance details, and financial account information. The complexity of the incident response was exacerbated by the large number of client organizations involved, delaying the notification process until March 3, 2025.
Source: https://www.infosecurity-magazine.com/news/dozens-corporates-kelly-benefits/
TPRM report: https://scoringcyber.rankiteo.com/company/kellybenefits
"id": "kel616070225",
"linkid": "kellybenefits",
"type": "Breach",
"date": "7/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 553660,
'industry': 'Healthcare, Insurance, Financial Services',
'location': 'United States',
'name': 'Kelly Benefits',
'type': 'Benefits Administration'},
{'industry': 'Healthcare',
'location': 'United States',
'name': 'UnitedHealthcare',
'type': 'Healthcare Provider'},
{'industry': 'Insurance',
'location': 'United States',
'name': 'The Guardian Life Insurance Company of '
'America',
'type': 'Insurance Provider'},
{'industry': 'Healthcare',
'location': 'United States',
'name': 'CVS Health',
'type': 'Healthcare Provider'},
{'industry': 'Financial Services',
'location': 'United States',
'name': 'OneAmerica Financial Partners',
'type': 'Financial Services Firm'}],
'attack_vector': 'Unauthorized Access',
'customer_advisories': 'Offered credit monitoring and identity protection '
'services',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 553660,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security number',
'Tax ID number',
'Date of birth',
'Medical information',
'Health insurance information',
'Financial account information']},
'date_detected': '2024-12-12',
'date_publicly_disclosed': '2025-03-03',
'description': 'A data breach at Kelly Benefits affected over half a million '
"individuals, with unauthorized access to the company's IT "
'environment resulting in the copying and theft of certain '
'files.',
'impact': {'data_compromised': ['Social Security number',
'Tax ID number',
'Date of birth',
'Medical information',
'Health insurance information',
'Financial account information'],
'identity_theft_risk': 'High'},
'initial_access_broker': {'entry_point': 'Unauthorized Access'},
'investigation_status': 'Completed',
'motivation': 'Data Theft',
'recommendations': 'Offer credit monitoring and identity protection services, '
'encourage credit freezes and fraud alerts',
'references': [{'source': 'Office of the Maine Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Office of the Maine '
'Attorney General'},
'response': {'communication_strategy': 'Notified carriers and clients, '
'offered credit monitoring and '
'identity protection services'},
'title': 'Kelly Benefits Data Breach',
'type': 'Data Breach'}