Kelly Benefits Reports Data Theft After Unauthorized Network Access
Kelly & Associates Insurance Group, Inc. (Kelly Benefits) disclosed that an unauthorized party accessed its environment between December 12 and December 17, 2024 and copied certain files from its systems. The company said it engaged third-party forensic specialists to investigate, completed its review of the affected files on March 3, 2025, and determined that the compromised data included individuals’ names along with additional, unspecified data elements. Kelly Benefits also reported the incident to the FBI and said it notified affected data owners and impacted individuals.
The breach notices say Kelly Benefits is offering complimentary IDX credit monitoring and identity protection services to affected people, with enrollment available until September 30, 2025. The company’s notices also direct recipients to consider fraud alerts, credit freezes, and ongoing credit report monitoring, and one state filing indicated that about 14 Rhode Island residents were affected.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Kelly Benefits reports incident to FBI and notifies affected parties
After determining the scope of the breach, Kelly Benefits reported the incident to the Federal Bureau of Investigation, notified affected data owners, and began offering impacted individuals complimentary IDX credit monitoring and identity protection services.
Kelly Benefits completes review of affected files
On March 3, 2025, Kelly Benefits completed its review of the impacted files and determined that they contained affected individuals' names and additional unspecified data elements.
Unauthorized access at Kelly Benefits leads to file theft
Kelly & Associates Insurance Group, Inc. (Kelly Benefits) identified unauthorized access to its environment between December 12 and December 17, 2024, during which certain files were copied and taken.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Delaware Ag Data Breaches
attorneygeneral.delaware.gov
Open sourceDelaware Ag Data Breaches
attorneygeneral.delaware.gov
Open sourceOag Ca
oag.ca.gov
Open sourceOag Ca
oag.ca.gov
Open sourceOag Ca
oag.ca.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Artisans’ Bank and Harvard Pilgrim disclose breaches exposing personal data
Artisans’ Bank disclosed a data security incident after detecting suspicious activity in an employee email account on March 20, 2024 and determining that an unauthorized actor had access to a limited number of employee mailboxes between January 24 and March 20, 2024. The bank said the exposed information varied by individual and may have included names and other personal data found in affected emails and files; by May 30, 2024, it concluded that some individuals’ information was potentially accessed or acquired. Artisans’ Bank said it secured its email tenant, reviewed relevant content to identify affected people, and offered **24 months** of complimentary Experian IdentityWorks credit monitoring and identity restoration services, while stating it had no indication of identity theft or fraud tied to the incident at the time of notice. Harvard Pilgrim Health Care separately disclosed a ransomware-related breach affecting systems used to service members, accounts, brokers, and providers after discovering the incident on April 17, 2023. The insurer said an unauthorized party copied data from its systems between March 28 and April 17, 2023, and later determined by August 18, 2024 that the affected files may have contained personal information and protected health information. Harvard Pilgrim said it took systems offline, notified law enforcement and regulators, engaged third-party cybersecurity experts, implemented additional safeguards, and offered **two years** of IDX credit monitoring and identity protection services; it also said it was not aware of misuse of the impacted information when the notice was issued.
May 24, 2026
Navia Benefit Solutions Breach Exposes Data on 2.7 Million Benefits Enrollees
Navia Benefit Solutions, a Washington-based third-party workplace benefits administrator serving more than 10,000 U.S. employers, disclosed a cyberattack that gave unauthorized actors read-only access to its network between **December 22, 2025, and January 15, 2026**. The company said the breach may have affected **2,697,540 individuals** and exposed a broad set of personal and benefits data, including names, dates of birth, Social Security numbers, phone numbers, email addresses, and enrollment information tied to **FSA, HRA, and COBRA** accounts, with some records reportedly dating back to 2018. Navia detected suspicious activity on January 23 and said it notified federal law enforcement and regulators, including the **U.S. Department of Health and Human Services**, in a breach reportable under **HIPAA**. Notification letters began going out on March 18 after a substitute notice was posted on March 13, and the company is offering **12 months of credit monitoring and identity theft protection** through Kroll. One confirmed affected client, the **Washington State Health Care Authority**, said the incident involved records spanning seven years for tens of thousands of **PEBB, SEBB, and COFA** members, as well as data linked to 37 school districts; Navia has not said ransomware was involved and no ransomware group has claimed the attack.
Mar 25, 2026
Delayed patient notifications following healthcare data breaches at providers and vendors
Multiple healthcare organizations and vendors reported **delayed patient notifications** after discovering unauthorized access to protected health information (PHI), in some cases more than a year after the underlying compromise. In Colorado, **Alpine Ear, Nose, and Throat (Alpine ENT)** notified **65,648** individuals that an attacker accessed and exfiltrated files containing PHI in an incident identified on **Nov. 19, 2024**; the **BianLian** ransomware group later claimed responsibility and posted the organization to its leak site. Exposed data was described as highly sensitive, including medical information and, for some individuals, **financial account data and payment card details** (including CVC/expiration) and **Social Security numbers**; Alpine ENT reported no confirmed identity theft at the time of notification and offered credit monitoring. Separately, **Bayada Home Health Care** disclosed exposure risk tied to a **third-party vendor (Doctor Alliance)** after Doctor Alliance reported unauthorized network access during **Oct.–Nov. 2025**, potentially affecting Home Health Certification and Plan of Care forms containing patient identifiers and clinical/insurance details (and **SSNs for a subset**). Bayada said it discontinued using Doctor Alliance and reported the matter to regulators. In another vendor-related incident, **TriZetto Provider Solutions (Cognizant)**—an insurance verification provider—suffered a cyberattack impacting PHI across multiple states; Oregon providers began notifying additional patients after the breach was reported as occurring in **Nov. 2024** but not discovered until **Oct. 2, 2025**, with no financial data reportedly compromised and no evidence of misuse so far; the incident has prompted **class-action lawsuits**, engagement of **Mandiant**, and law enforcement notification.
Mar 21, 2026