Kelly Benefits Data Breach Affects 550,000: Ongoing Investigation Reveals Growing Impact

TL;DR

A data breach at Kelly Benefits has affected 550,000 individuals, with the number continuing to rise as the investigation progresses. The breach, which occurred in December 2024, exposed sensitive personal information, including names, Social Security numbers, and financial data. The company is offering free credit monitoring and identity protection services to those affected.

Main Content

Kelly Benefits Data Breach Overview

Kelly Benefits, a firm specializing in benefits and payroll solutions, has confirmed that a recent data breach has impacted 550,000 individuals. The scale of the breach has expanded significantly as the investigation continues, revealing that more people were affected than initially estimated¹.

Company Background

Kelly Benefits is a U.S.-based company that provides benefits, payroll, and workforce management solutions to businesses. The firm plays a critical role in managing sensitive employee data, making it a target for cyber threats.

Breach Timeline

• December 2024: Hackers gained access to Kelly Benefits’ systems between December 12 and 17, stealing sensitive personal data².
• April 2025: Kelly Benefits disclosed the data breach, initially estimating that nearly 264,000 individuals were affected. The exposed information included names, Social Security numbers, medical data, and financial information².
• May 2025: The company began notifying affected individuals on behalf of multiple customers, including CareFirst, Guardian, and Beam Benefits. The number of impacted individuals grew to 413,032³.
• Late May 2025: The number of affected individuals reached 488,000³.
• June 2025: The latest update revealed that the data breach had affected over 553,660 individuals³.

Maine Residents Notification

On May 2, 2025, Kelly Benefits sent notifications to an additional 135 Maine residents, bringing the total number of notified Maine residents to 7,164. The exposed information for these residents included names, Social Security numbers, and financial account information³.

Company Response

Kelly Benefits has not shared details about the attack, and no ransomware group has claimed responsibility for the intrusion. The company is offering impacted individuals free credit monitoring and identity protection services through IDX. Additionally, Kelly Benefits advises individuals to remain vigilant by regularly monitoring their account statements and credit reports for any suspicious activity³.

Follow for Updates

For the latest updates, follow @securityaffairs on Twitter, Facebook, and Mastodon.

Conclusion

The Kelly Benefits data breach highlights the growing threat of cyber attacks on companies managing sensitive employee data. As the investigation continues, the full extent of the breach remains uncertain. Affected individuals are urged to take protective measures to safeguard their personal information.

Additional Resources

For further insights, check:

• Security Affairs
• Pierluigi Paganini’s LinkedIn

References

1. (July 3, 2025). “Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses”. Security Affairs. Retrieved July 3, 2025. ↩︎

2. (2025). “Kelly Benefits December data breach impacted over 400,000 individuals”. Security Affairs. Retrieved July 3, 2025. ↩︎ ↩︎²

3. (2025). “Kelly Benefits Data Breach Update”. Maine Attorney General. Retrieved July 3, 2025. ↩︎ ↩︎² ↩︎³ ↩︎⁴ ↩︎⁵