When a business experiences a significant data breach, understanding the full impact can take a long time. That’s exactly the situation Kelly Benefits is now facing.
According to a report by BleepingComputer, Kelly & Associates Insurance Group—widely known as Kelly Benefits—has disclosed that a cybersecurity incident from December 12–17 last year has affected far more people than initially believed.
Originally, the company reported in April that 32,234 individuals had been impacted after hackers infiltrated its systems and accessed sensitive information. Over the past three months, however, the number has continued to climb. The latest figures show that 553,660 people are now at risk because of this breach.
In a public notice, Kelly Benefits explained that 46 companies relying on its services were caught up in the incident. Even if you haven’t worked directly with Kelly Benefits, you may still be affected if your employer or insurance carrier uses their benefits consulting, payroll management, or enrollment technology.
Some of the prominent organizations named in the breach notification include:
- Wawa
- United Healthcare
- Aetna Life Insurance Company (CVS Health)
- Humana Insurance ACE
- CareFirst BlueCross BlueShield
- Mutual of Omaha Insurance Company
- The Guardian Life Insurance Company of America
To help people understand the risks, Kelly Benefits has sent personalized letters outlining exactly what data was exposed. The compromised information varies by person but could include full names, Social Security numbers, tax ID numbers, birth dates, health and medical insurance details, and financial account information.
As BleepingComputer highlighted, criminals armed with this data could attempt phishing scams, identity theft, or other fraudulent schemes. Under U.S. law, companies must notify you about what specific information was stolen. These notices typically arrive via postal mail, not by email or text. So if your employer works with Kelly Benefits, keep an eye on your mailbox in the coming weeks.
To mitigate the damage, Kelly Benefits is providing affected individuals with a year of complimentary identity theft protection from IDX. The notification letters include an enrollment code to activate this service. If you receive one, it’s highly recommended you sign up—it can help you recover your identity or reclaim stolen funds if fraud occurs.
In the meantime, be proactive:
- Monitor all your financial accounts for suspicious activity
- Consider placing a credit freeze with Equifax, Experian, and TransUnion to prevent new loans from being opened in your name
- Watch for phishing attempts targeting your stolen information
Even if you do everything right, you can still become a victim of a data breach simply because a company you trust relies on a third party. That’s why it’s essential to take immediate action if your personal or financial data has been compromised.
With cyberattacks and security incidents becoming more frequent, early vigilance and continuous monitoring are your best defenses against identity theft and fraud.
