Maryland-based benefits and payroll solutions provider Kelly & Associates Insurance Group (dba Kelly Benefits) has disclosed a data breach impacting more than 260,000 people.
Kelly Benefits provides benefits administration and technology, broker and consulting services, and payroll solutions in Maryland and surrounding states.
A data security notice posted on its website reveals that the company recently detected suspicious activity on its network. An investigation showed that hackers had access to its systems between December 12 and December 17, 2024.
The probe also showed that certain files were exfiltrated during that period, including ones containing personal information such as name, date of birth, SSN, tax ID number, medical information, health insurance information, and financial account information.
Impacted individuals are being notified, with Kelly Benefits sending out notifications on behalf of several impacted customers, including Amergis, Beam Benefits, Beltway Companies, CareFirst, The Guardian Life Insurance Company of America, Intercon Truck of Baltimore, Publishers Circulation Fulfilment, Quantum Real Estate Management, and Transforming Lives.
The company told the Maine Attorney General that the data breach impacts nearly 264,000 people.
While it’s possible that Kelly Benefits has been targeted in a ransomware attack, no known ransomware group appears to have taken credit for the hack. Considering that the incident occured months ago, the company may have paid a ransom to avoid a data leak if it was indeed targeted in a ransomware attack.
SecurityWeek has reached out to the company and will update this article if it responds.
Related: Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000
Related: Events Giant Legends International Hacked
Related: Ahold Delhaize Confirms Data Stolen in Ransomware Attack
Related: Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial
