The Maryland-based benefits administration and payroll solutions provider confirmed that cybercriminals infiltrated its computer systems between December 12 and December 17, 2024.
According to recent notifications to the Maine Attorney General’s Office, the scope of the breach has grown dramatically since it was first reported. The company initially disclosed in early April that approximately 32,000 people were affected.
That number increased to nearly 264,000 just ten days later. The latest reports indicate the total has now exceeded 413,000 individuals.
The investigation, completed in early March 2025, revealed that unauthorized actors accessed and exfiltrated files containing highly sensitive personal information.
The compromised data includes names, Social Security numbers, dates of birth, tax identification numbers, financial account information, and health insurance and medical information.
“Kelly Associates then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related,” the company stated in its breach notification. The company has reported the incident to the Federal Bureau of Investigation.
Kelly Associates is notifying affected individuals on behalf of several major clients, including Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Company of America, Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives.
Cybersecurity experts have not determined whether the breach was part of a ransomware attack, as no known ransomware group has claimed responsibility for the incident. The company has declined further comment, citing “the sensitive nature of the incident and subsequent investigation”.
Multiple law firms have launched investigations into the breach, with several pursuing potential class action lawsuits on behalf of affected individuals. One complaint alleges that Kelly Benefits “negligently failed to protect the personal information of thousands of people” and breached its duties under various laws, including HIPAA and the FTC Act.
The company is offering affected individuals 12 months of credit monitoring and identity protection services at no cost. Cybersecurity experts recommend that victims remain vigilant against potential identity theft and fraud by regularly monitoring credit reports and account statements for suspicious activity.
As data breaches continue to plague companies handling sensitive information, this incident highlights the growing scale and impact of such security failures on consumers.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
The post Kelly Associates Data Breach Exposes 410,000+ Users Personal Data appeared first on Cyber Security News.
Spider-Man and Civil War star Kirsten Dunst is reportedly joining A Minecraft Movie 2 to…
The Secretlab Spring Sale has officially commenced and with it are a couple of different…
Since it debuted in 2016, if you wanted to watch the mega-blockbuster show Stranger Things,…
If you are planning a PC build and have been hoping to get ahold of…
CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert urging organizations…
This website uses cookies.