The Target: Kelly Benefits is a provider of benefits consulting, enrollment technology, payroll administration, HRIS, compliance support, and carrier management.
The Take: The data breach notice sent to impacted individuals informs recipients of the specific data types impacted by the breach, which vary per person. However, the general notice published on the site says that the compromised info may contain full names, Social Security number, tax ID number, date of birth, medical information, health insurance information, and financial account information.
The Vector: The Maryland-based health and life insurance agency has issued an update on a security incident it suffered last year between December 12-17, when unauthorized actors breached its IT systems and stole files. On April 9, 2025, the company stated that the incident impacted 32,234 individuals. The figure was revised multiple times until the final tally shared with authorities in the U.S. counted 553,660 individuals.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.