Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Kelly Benefits. Show all posts
Kelly Benefits
CareFirst Cyberattacks CyberCrime CyberThreat Cyersecurity Data Breach Data Leak Privacy data threat Google Quantum Kelly Benefits

Data Breach Exposes Personal Information of Hundreds of Thousands

 


Several cybersecurity incidents have recently come to light, revealing the growing vulnerabilities that organisations face when handling large amounts of personal data. A significant data breach has occurred at Kelly & Associates Insurance Group, which operates under the name Kelly Benefits. 

In the event of unauthorised access to Kelly Benefits' internal systems, the company confirms that it has compromised the personal information of over 410,000 individuals, which exceeds any earlier estimates that it had. Kelly & Associates Insurance Group, Inc. has been causing serious concern in the benefits administration industry for several years now due to an unfortunate development involving data security. 

Kelly Benefits, the company that operates under the name Kelly Benefits, has reported a major cybersecurity incident that has affected over 413,000 employees nationwide. It is important to note that a Maryland-based company providing payroll processing, benefits administration, and human resources services in December 2024 uncovered unusual activity in its IT systems, which led to a comprehensive internal investigation being initiated immediately. 

As a result of unauthorised access to the company's network between December 12 and December 17, 2024, cybercriminals were able to exfiltrate sensitive personal data from the company's network for five days between December 12 and December 17, 2024. A detailed forensic analysis completed by Kelly Benefits on March 3, 2025, revealed that the scope of the attack was significantly greater than initially believed. This incident is not only a reminder of the vulnerability within corporate infrastructures but also illustrates the need for enhanced cybersecurity protocols in industries that handle large amounts of private information, such as the medical and pharmaceutical industries. 

Further investigation into the breach revealed that the cybercriminals were able to exfiltrate highly sensitive personal data during the five-day intrusion. The compromised information includes individuals’ full names, Social Security numbers, dates of birth, taxpayer identification numbers, health insurance and medical details, as well as financial account information. 

The scope of the data accessed underscores the seriousness of the breach and its potential long-term impact on those. In response to the events, Kelly Benefits has begun notifying the people impacted, both directly and on behalf of several partner organisations that are also impacted. Amergis, Beam Benefits, Beltway Companies, CareFirst, The Guardian Life Insurance Company of America, Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives are just a few of the companies that have been impacted. 

Over time, the breach has taken on a significantly larger scope than it started with. On April 9, 2025, the company reported to the Maine Attorney General’s Office that approximately 32,000 people had been affected by the incident, but this number was revised ten days later to more than 260,000 people. Over 413,000 individuals have been confirmed to have been affected by the incident as of the latest notification — a number that will continue to rise as additional reviews take place. 

Even though Kelly Benefits had finished its internal file review in early March, the full extent of the breach is still unfolding. At this time, it is unclear if the attack involved ransomware, since no known ransomware groups have claimed responsibility for the attack. As the reported figures continue to rise, along with the addition of new client organisations that have been affected, it is becoming increasingly apparent that the breach is both complex and potentially expanding. 

With an unprecedented rise in data breaches reported on an almost daily basis across a broad range of industries in the year 2025, organisations across industries are experiencing a surge in data breaches. There can be substantial financial losses as a result of such attacks, but it is often the enduring reputational damage that can prove the most detrimental. For some companies, long-term trust losses among clients, partners, and the public can be difficult to recover from, even when the initial fallout has been handled.

Although awareness of the issue is on the rise, a troubling pattern of negligence continues to persist. Trend Micro has recently published a report that revealed that 78% of data breaches in the previous quarter were the result of preventable vulnerabilities—the evidence pointing to the fact that many organisations are still failing to implement even the most basic cybersecurity measures. Because artificial intelligence continues to evolve and alter the digital threat landscape, it becomes increasingly difficult to detect cyber threats as they become more sophisticated. 

The current state of cybersecurity is likely to worsen without a strategic and proactive shift in how businesses approach cybersecurity. Current defences are showing signs of inadequacy, and organisations will have to take meaningful actions to prevent further damage. As the Kelly Benefits incident indicates, cybersecurity is no longer an afterthought within an organisation and can no longer be treated as a secondary function. 

In today's cybersecurity-driven world, businesses of all sizes and across all industries must prioritise the development of a culture of security that extends beyond regulatory compliance and surface-level safeguards. As a result of this, we should invest in continuous monitoring of our systems, employee training, third-party risk assessments, and robust incident response plans to stay on top of the situation. 

To maintain public trust in the security sector, it is equally important to have transparency with stakeholders and to communicate with them promptly both during and after security incidents. Nowadays, complacency is no longer an option in the digital era, which supports nearly every aspect of modern business, and in this era of digital infrastructure, it is not possible to ignore the importance of cyber security, both as a technical necessity as well as as a fundamental component of the operation's resilience and ethical responsibility in the long run. In an era when too many reactive measures have been taken, it is now necessary to define the standard in terms of proactive, strategic, and well-resourced defence mechanisms.
Read more »
User Privacy
Data Breach Data Leak IT Infrastructure Kelly Benefits User Privacy

Kelly Benefits Data Leak Affects 260,000 People

 

A Maryland-based outsourced benefits and payroll manager is notifying nine large customers and nearly 264,000 individuals that their private and sensitive data may have been compromised in a December hack. The number of impacted people has increased by eight-fold since Kelly & Associates Insurance Group, also known as Kelly Benefits, published an estimate of the hack's scope earlier this month. 

The company's current total of 263,893 affected persons is far higher than the 32,234 initially reported on April 9 to state regulators and the US Department of Health and Human Services as a HIPAA breach. 

The benefits company announced that it is sending breach notices to impacted individuals on behalf of nine clients: Amergis, Beam Benefits, Beltway Companies, CareFirst BlueCross BlueShield, Guardian Life Insurance Co., Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives. 

Kelly Benefits declined to comment, citing "the sensitive nature of the incident and subsequent investigation.” An investigation following the incident revealed that unauthorised access to the company's IT infrastructure occurred between December 12 and December 17, 2024. The company claimed that throughout that period, the attackers copied and stole specific files.

"Kelly Benefits then began a time-intensive and detailed review of all files affected by this event to determine what information was present in the impacted files and to whom it related," the company noted. It analysed internal records to match the individual with the relevant client or carrier. 

Individuals' information compromised in the event varies, but it could include their name, Social Security number, date of birth, medical information, health insurance information, or financial account information.

Kelly Benefits informed the FBI about the incident. This company stated that it is still reviewing its security policies, procedures, and technologies. At the time of writing, at least one proposed federal class action lawsuit against Kelly Benefits was filed in connection with the hacking incident. The lawsuit claims Kelly Benefits was negligent in failing to safeguard sensitive personally identifying information from unauthorised access.

"Even with several months of credit monitoring services, the risk of identity theft and unauthorized use of plaintiff's and class members' PII is still substantially high. Cybercriminals need not harvest a person's Social Security number or financial account information in order to commit identity fraud or misuse plaintiffs and the class's PII," the lawsuit notes. "Cybercriminals can cross-reference the data stolen from the data breach and combine with other sources to create 'Fullz' packages, which can then be used to commit fraudulent account activity on plaintiff and the class's financial accounts."
Read more »
Subscribe to: Posts (Atom)