Benefits and payroll solutions firm Kelly & Associates Insurance Group (dba Kelly Benefits) has revealed that the impact of a recently disclosed data breach is significantly bigger than initially believed.
Kelly Benefits provides benefits administration, broker, and payroll solutions in Maryland and surrounding states. The company revealed last month that it was targeted by hackers in December 2024.
An investigation showed that the attackers managed to exfiltrate personal information during a five-day period, including name, SSN, date of birth, tax ID number, health insurance and medical information, as well as financial account information.
The company has been notifying impacted individuals, including on behalf of several affected customers such as Amergis, Beam Benefits, Beltway Companies, CareFirst, The Guardian Life Insurance Company of America, Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives.
Kelly Benefits is telling affected people that its review of stolen files was completed in early March, but the impact of the incident keeps growing.
The company initially told the Maine Attorney General’s Office in early April that the data breach affected roughly 32,000 people. Ten days later, the Maine AGO was told that approximately 260,000 people were hit. Its latest notification to the AGO shows that the impact of the incident has grown to more than 413,000 individuals.
It’s unclear whether Kelly Benefits was targeted in a ransomware attack. No known ransomware group appears to have taken credit for the attack.
Related: Nova Scotia Power Says Hackers Stole Customer Information
Related: Ascension Discloses Data Breach Potentially Linked to Cleo Hack
Related: 4 Million Affected by VeriSource Data Breach
Related: African Telecom Giant MTN Group Discloses Data Breach
