Personal information belonging to nearly half a million individuals is believed to have been compromised in a massive data breach at Kelly Benefits, a payroll and benefits solutions provider operating out of Maryland.
The breach, which took place in December 2024, was revealed by the Maine Attorney General’s Office. In early April, it was originally reported that approximately 32,000 people had been affected. That number has now been dramatically revised, with the total estimate as high as 410,000.
Wide-ranging data breaches routinely plague companies that process sensitive customer information. Often, the consequences are grave, with several high-profile incidents in recent years that resulted in companies going into liquidation. Despite this, the tech landscape is failing to invest the requisite time and resources into remedying the situation, which threatens to spiral out of control.
Kelly Benefits Customer Data Exposed in Massive Cyberattack
More than 410,000 individuals – and counting – are thought to have been affected by a data breach at Kelly Benefits. The payroll and benefits company, which is based in Maryland, publicly disclosed the news in April, but the number of victims that it originally quoted was far too low. Revised estimates have seen that figure dramatically increase.
This just in! View
the top business tech deals for 2025 👨💻
Reportedly, the breach took place between December 12 and December 17, 2024. Kelly Benefits later became aware of the breach, conducting a “time-intensive and detailed review of all files affected by this event.” The internal investigation was concluded on March 3, 2025.
In the above time period, cybercriminals gained access to the business’s computer systems, accessing and exfiltrating files containing “highly sensitive” customer information.
Full Cost of Breach Not Yet Clear
At this point, it is not clear whether or not the attack forms part of a wider ransomware plot. No such group has claimed responsibility and no demands have yet been issued. Compromised data is thought to include names, Social Security numbers, dates of birth, tax ID numbers, financial account information, health insurance information, and medical information.
Several class action lawsuits have already been brought against the company, with victims alleging that it “failed to protect the personal information of thousands of people.” To try and remedy the situation, Kelly Benefits is offering those affected one year of free credit monitoring and identity protection services.
In the coming weeks and months, the true cost to the company will become a lot more clear. As reported by Reuters in December 2024, the average cost of a data breach had hit a “staggering” $4.99 million, representing a 10% increase on the preceding year.
Tech Landscape Failing Basic Cybersecurity Duties
In 2025, data breaches have reached scarcely believable levels. Companies report extensive cyberattacks on a near-daily basis – the consequences of which are often severe. While the financial repercussions can be damaging, it is the long-term consequences that prove terminal for so many. Even if a company manages to shoulder the immediate penalties, its reputation is often irreparably tarnished.
Seemingly, these warnings are falling on deaf ears. While the situation is getting worse, companies everywhere are neglecting even their most basic duties. A recent report from Trend Micro found that a shocking 78% of data breaches in the past quarter were the result of preventable vulnerabilities.
With AI continuing its rapid development, the threat landscape is evolving before our eyes. To prevent this situation from spiraling out of control, companies need to address how they deal with cyber threats. Clearly, our current approach isn’t working.
