
Data Breach Exposes Personal Information of Hundreds of Thousands

Several cybersecurity incidents have recently come to light, revealing the growing vulnerabilities that organisations face when handling large amounts of personal data. A significant data breach has occurred at Kelly & Associates Insurance Group, which operates under the name Kelly Benefits. 

Following unauthorised access to Kelly Benefits' internal systems, the company has confirmed that the personal information of over 410,000 individuals was compromised, far exceeding its earlier estimates. The data-security incident at Kelly & Associates Insurance Group, Inc., a company that has operated in the benefits administration industry for several years now, has caused serious concern across that industry. 

Kelly & Associates Insurance Group, which operates under the name Kelly Benefits, has reported a major cybersecurity incident affecting over 413,000 employees nationwide. The Maryland-based company, which provides payroll processing, benefits administration, and human resources services, uncovered unusual activity in its IT systems in December 2024 and immediately launched a comprehensive internal investigation. 

Cybercriminals had unauthorised access to the company's network for five days, between December 12 and December 17, 2024, during which they exfiltrated sensitive personal data. A detailed forensic analysis completed by Kelly Benefits on March 3, 2025, revealed that the scope of the attack was significantly greater than initially believed. The incident is not only a reminder of the vulnerability of corporate infrastructures but also illustrates the need for stronger cybersecurity controls in industries that handle large amounts of private information, such as the medical and pharmaceutical industries. 

Further investigation into the breach revealed that the cybercriminals were able to exfiltrate highly sensitive personal data during the five-day intrusion. The compromised information includes individuals’ full names, Social Security numbers, dates of birth, taxpayer identification numbers, health insurance and medical details, as well as financial account information. 

The scope of the data accessed underscores the seriousness of the breach and its potential long-term impact on those affected. In response, Kelly Benefits has begun notifying the people impacted, both directly and on behalf of several partner organisations that were also affected. Amergis, Beam Benefits, Beltway Companies, CareFirst, The Guardian Life Insurance Company of America, Intercon Truck of Baltimore, Publishers Circulation Fulfillment, Quantum Real Estate Management, and Transforming Lives are just a few of the organisations involved. 

The reported scope of the breach has grown considerably over time. On April 9, 2025, the company told the Maine Attorney General's Office that approximately 32,000 people had been affected, but ten days later that figure was revised to more than 260,000. As of the latest notification, over 413,000 individuals have been confirmed as affected, a number that is expected to keep rising as additional reviews take place. 

Even though Kelly Benefits finished its internal file review in early March, the full extent of the breach is still unfolding. It is currently unclear whether the attack involved ransomware, as no known ransomware group has claimed responsibility. With the reported figures continuing to rise and new client organisations being added to the list of those affected, it is increasingly apparent that the breach is both complex and potentially still expanding. 

Organisations across a broad range of industries are experiencing an unprecedented surge in data breaches in 2025, with new incidents reported on an almost daily basis. Such attacks can cause substantial financial losses, but it is often the enduring reputational damage that proves most detrimental. For some companies, the long-term loss of trust among clients, partners, and the public can be difficult to recover from, even once the initial fallout has been handled.

Although awareness of the issue is on the rise, a troubling pattern of negligence persists. A recent Trend Micro report found that 78% of data breaches in the previous quarter resulted from preventable vulnerabilities, evidence that many organisations are still failing to implement even the most basic cybersecurity measures. Meanwhile, as artificial intelligence continues to reshape the digital threat landscape, cyber threats are becoming more sophisticated and harder to detect. 

Without a strategic and proactive shift in how businesses approach cybersecurity, the current situation is likely to worsen. Existing defences are showing signs of inadequacy, and organisations will have to take meaningful action to prevent further damage. As the Kelly Benefits incident shows, cybersecurity can no longer be treated as an afterthought or a secondary function within an organisation. 

Businesses of all sizes and across all industries must prioritise building a culture of security that extends beyond regulatory compliance and surface-level safeguards. That means investing in continuous monitoring of systems, employee training, third-party risk assessments, and robust incident response plans. 

Maintaining public trust also requires transparency with stakeholders and prompt communication both during and after security incidents. Complacency is no longer an option in an era in which digital infrastructure supports nearly every aspect of modern business; cybersecurity must be treated both as a technical necessity and as a fundamental component of an organisation's long-term resilience and ethical responsibility. After too many years of reactive measures, proactive, strategic, and well-resourced defence must now become the standard.

Security Expert's Tweet Prompts Significant Modification to Google Email Authentication


Google stated last month that Gmail users would start seeing blue tick marks next to the brand logos of senders taking part in its Brand Indicators for Message Identification (BIMI) program. BIMI and its blue tick mark were intended to counter email impersonation and phishing by giving recipients further assurance that branded senders are who they say they are.

Less than a month after the launch of the blue tick marks, scammers managed to bypass its security measures and successfully impersonate companies, sending emails to Google users that claimed to be from the logistics firm UPS. 

Google now says it is tightening its BIMI verification procedure and is blaming an unnamed "third-party" for enabling the use of its services in ways that evaded its security protections and delivered faked messages to inboxes. Experts say that other email providers, including Microsoft, may still be facilitating this kind of behaviour and are not doing enough to address it, a sign of the intricacy of the contemporary email environment. 

Security researchers argue that the way BIMI is being used makes it possible for bad actors to use the system to more effectively spoof well-known businesses, increasing the likelihood that end users may click on a malicious link or open a dubious attachment as part of a phishing assault. 

According to the 2023 Verizon Data Breach Investigations Report, phishing accounts for about half of all social engineering attacks and causes tens of millions of dollars in losses each year. A number of protocols, including SPF and DKIM, have been introduced over time to address email sender verification, but each is only a partial answer addressing a different facet of a complicated problem.

BIMI was developed by an industry working group in 2018 and first adopted by Google in July 2021. In its roll-out announcement, the company said the goal was to display the "validated logos" of participating brands in Gmail, "increasing confidence in the source of emails for recipients." The concept was that by requiring the DMARC, SPF, or DKIM email authentication standards, BIMI would give brand senders an extra level of recognition and trust. 

It is not surprising that scammers are targeting BIMI, according to Alex Liu, a cybersecurity expert and PhD candidate at the University of California, San Diego, who has investigated the flaws in email verification systems. Historically, Liu said, con artists have been among the first to adopt new protocols. She added that it is now the responsibility of companies like Microsoft to secure their mail servers and make sure that BIMI is not misused.

The controversy over how BIMI is being implemented started with a series of tweets from Chris Plummer, a cybersecurity expert from New Hampshire, who called Google's BIMI implementation potentially "catastrophic" and warned that it could increase the likelihood that users will act on the contents of a message that has been incorrectly verified.

“It was clear in the headers of the message I received that there was some obvious subversion, and Google was not looking far enough back in the delivery chain to see that,” Plummer stated. 

In a study released earlier this year, Liu and a group of co-authors described how mechanisms designed to stop the spoofing of sender domains struggle when confronted with emails that have been forwarded, a technique frequently used by major organisations that rely on BIMI to send bulk emails. 

Plummer discovered the BIMI problem after receiving an email appearing to be from UPS in his Gmail inbox. Something didn't feel right, he told a local news source, and he confirmed that the email was not from UPS. On May 31, he filed a bug report with Google, but the firm "lazily" closed it as "won't fix - intended behaviour," Plummer tweeted. "How is a scammer impersonating @UPS in such a convincing way 'intended,'" Plummer wrote in the tweet, which has since been viewed almost 155,000 times.

“The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust,” Plummer explained in a subsequent tweet. “This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn’t want to deal with this report honestly.”

The next day, after Plummer filed an appeal, Google reversed course and informed him that it was reviewing his report again. "Thank you so much for pressing on for us to take a closer look at this!" the company wrote in a note, designating the bug a "P1" priority. 

“This issue stems from a third-party security vulnerability allowing bad actors to appear more trustworthy than they are,” a Google spokesperson told CyberScoop, a cybersecurity news portal, in an email Monday. “To keep users safe, we are requiring senders to use the more robust DomainKeys Identified Mail (DKIM) authentication standard to qualify for Brand Indicators for Message Identification (blue checkmark) status.” 

According to the Google representative, the DKIM requirement should be fully implemented by the end of the week. This is a change from the previous policy, which accepted either DKIM or a different standard, the Sender Policy Framework (SPF). Email providers use both standards, among other things, to judge whether incoming email is likely to be spam and, in principle, to authenticate that a sender is who they claim to be. Google appreciates Plummer's efforts to bring the issue to its attention, the spokesperson added. 
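To make the policy change concrete, here is an added example (not Google's code or any code from the article) that evaluates whether a message would qualify for BIMI under the old rule (an aligned SPF or DKIM pass) versus the new rule (an aligned DKIM pass required). The Authentication-Results parsing is a simplified, constructed version of the RFC 8601 format, the alignment check is a toy relaxed-alignment rule, and the domains are placeholders rather than the real message Plummer received.

```python
import re

# Simplified Authentication-Results clause, e.g. "spf=pass smtp.mailfrom=brand.example"
# (constructed for this example; real headers carry more properties and comments).
CLAUSE_RE = re.compile(
    r"(spf|dkim|dmarc)=(\w+)"
    r"(?:\s+(?:smtp\.mailfrom|header\.d|header\.from)=([\w.-]+))?"
)


def parse_auth_results(header: str) -> dict:
    """Return {method: [(result, domain), ...]} from one header line."""
    results = {}
    for method, result, domain in CLAUSE_RE.findall(header):
        results.setdefault(method, []).append((result, domain.lower()))
    return results


def org_domain(domain: str) -> str:
    # Toy organisational domain: last two labels only. Real DMARC relaxed
    # alignment consults the public suffix list; this is an assumption for brevity.
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def aligned_pass(entries, from_domain: str) -> bool:
    """True if any passing result is for a domain aligned with the From: domain."""
    target = org_domain(from_domain)
    return any(r == "pass" and d and org_domain(d) == target for r, d in entries)


def bimi_eligible(header: str, from_domain: str, require_dkim: bool) -> bool:
    """Old policy: aligned SPF *or* DKIM pass. New policy: aligned DKIM pass only."""
    res = parse_auth_results(header)
    spf_ok = aligned_pass(res.get("spf", []), from_domain)
    dkim_ok = aligned_pass(res.get("dkim", []), from_domain)
    return dkim_ok if require_dkim else (spf_ok or dkim_ok)


# Constructed sample headers (placeholder domains, not real mail).
LEGIT = ("spf=pass smtp.mailfrom=bounce.brand.example; "
         "dkim=pass header.d=brand.example; dmarc=pass header.from=brand.example")
SPF_ONLY = ("spf=pass smtp.mailfrom=brand.example; dkim=none; "
            "dmarc=pass header.from=brand.example")
UNALIGNED = ("spf=fail smtp.mailfrom=relay.example; "
             "dkim=pass header.d=relay.example; dmarc=fail header.from=brand.example")

if __name__ == "__main__":
    for name, hdr in [("legit", LEGIT), ("spf-only", SPF_ONLY), ("unaligned", UNALIGNED)]:
        print(name, "old:", bimi_eligible(hdr, "brand.example", False),
              "new:", bimi_eligible(hdr, "brand.example", True))
```

The SPF-only case is the one whose treatment changed: it qualified under the old rule and no longer does, while a signature from an unaligned domain never qualified under either rule.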

After Plummer first raised the issue on Twitter, security researcher Jonathan Rudenberg reproduced the BIMI problem using Microsoft 365, sending counterfeit emails from a Microsoft email system to a Gmail account. Rudenberg then filed a bug report with Microsoft. 

Microsoft, meanwhile, maintains that it is Google's obligation to resolve the issue, not its own. In response to Rudenberg's bug report, Microsoft's Security Response Centre informed Rudenberg that the problem did not pose an immediate threat that requires urgent attention and that the "burden" of guaranteeing security rests with the end-user's email provider, in this case, Google.