Hackers slipped into a major benefits firm’s network, stealing data of nearly half a million Americans.
Kelly & Associates Insurance Group, Inc. (“Kelly Benefits”), a firm specializing in employee benefits enrollment, has confirmed it was the target of a cyberattack that compromised sensitive client data.
The Maryland-based firm dropped the news in a notice to clients, stating they first clocked “suspicious activity” on March 3rd, 2025. According to a filing with the Maine Attorney General’s office, 413,032 people got dragged into trouble.
The company’s internal investigation confirmed that a threat actor gained access to their network between December 12th and December 17th, 2024, and “copied and taken” certain files.
The breached information included clients’ names, Social Security numbers (SSN), and financial account information.
The stolen data is basically a starter pack for identity theft, as the stolen SSNs can be used to commit various types of fraud. The snatched data could also assist attackers in crafting legitimate-looking phishing campaigns.
The firm advises customers to stay vigilant for any unsolicited activities in their accounts. Kelly Benefits has also offered affected individuals free credit monitoring and identity theft protection services for 12 months.
“We will continue to review our already robust security policies, procedures, and tools as part of our ongoing commitment to information security,” wrote the company in a notice.
Your email address will not be published. Required fields are markedmarked