Kelly Benefits, a Maryland-based firm known for payroll and benefits administration, has reported a major data breach impacting over 260,000 individuals. The breach, which occurred in December 2024, remained under wraps until a recent public disclosure revealed just how widespread the exposure was.
The company, which also operates under the name Kelly & Associates Insurance Group, detected unusual activity within its network late last year. After launching an internal investigation, the firm confirmed that attackers had gained unauthorized access to its systems between December 12 and December 17, 2024.
During that five-day window, cybercriminals managed to extract sensitive files containing personal details. This data includes names, dates of birth, Social Security numbers, taxpayer identification numbers, medical and health insurance information, and even financial account data. In short, this breach exposed a wide range of personally identifiable information (PII) and financial details that could be exploited.
Kelly Benefits serves a diverse client base across Maryland and nearby regions. The company has begun notifying those affected, including individuals tied to organizations such as Amergis, Beam Benefits, CareFirst, The Guardian Life Insurance Company of America, Beltway Companies, Intercon Truck of Baltimore, Quantum Real Estate Management, Publishers Circulation Fulfilment, and Transforming Lives.
In a filing with the Maine Attorney General’s Office, Kelly Benefits confirmed that 263,783 people were impacted. While the firm hasn’t disclosed whether ransomware was involved, the absence of public claims from known ransomware gangs has raised eyebrows. Given the timeline and silence, it’s possible the company negotiated privately with attackers to prevent a broader data leak—a tactic increasingly seen in ransomware incidents.
So far, Kelly Benefits has not released further details about how the breach occurred or the security measures it has since implemented. However, the company emphasized that it is working with cybersecurity experts to assess the damage, fortify its systems, and prevent future attacks.
With the growing frequency of cyberattacks targeting payroll and HR service providers, this incident highlights the critical need for robust data security protocols. For affected individuals, the risk of identity theft or financial fraud remains a real concern, and many will likely seek credit monitoring and other protective measures.
