Over half a million people impacted by major data breach — full names, SSNs, financial data and more exposed

An open lock depicting a data breach
(Image credit: Shutterstock)

When a company suffers a major data breach, it can be hard to truly assess the full extent of the damage caused. This is why it will often take months if not years to determine the number of people affected which is exactly what happened with Kelly Benefits.

As reported by BleepingComputer, the benefits administration and payroll provider Kelly & Associates Insurance Group, also known as Kelly Benefits, has revealed that the impact of the security incident it experienced between December 12-17 of last year is much worse than originally thought.

Back in April, the company originally said that 32,234 individuals were affected after hackers gained access to its IT systems and stole sensitive files. However, over the course of the past three months, Kelly Benefits has revised this figure multiple times. Now though, it has revealed that 553,660 individuals are at risk as a result of this breach.

Here’s everything you need to know about this major data breach including some tips and tricks to help you to stay safe from hackers if your personal information was compromised.

Impacted companies and compromised data

A hand typing at a computer in a dark room, lit up by the laptop's keyboard LEDs and red LED light

(Image credit: Getty Images)

Even if you’ve never heard of Kelly Benefits before, chances are that a company you do business with relies on its services which include benefits consulting, enrollment technology, payroll administration, carrier management and more.

In fact, in a public data breach notice recently published on its site, the firm explained that a total of 46 companies are impacted as a result of the breach. Here are some of the most popular and well-known ones but you can check the page linked above for the full list:

  • Wawa
  • United Healthcare
  • Aetna Life Insurance Company (CVS Health)
  • Humana Insurance ACE
  • CareFirst BlueCross BlueShield
  • Mutual of Omaha Insurance Company
  • The Guardian Life Insurance Company of America

In addition to that notice, Kelly Benefits also sent out personalized ones (example here) to impacted individuals explaining the specific data types that were compromised. This is because the exposed personal, financial and health info varies per person.

Surprisingly though, as BleepingComputer points out, in its public data breach notice, Kelly Benefits says that the compromised data may include the full names, Social Security numbers, tax ID numbers, dates of birth, medical and health insurance info and financial account info of those caught up in this breach.

With all of that information in hand, the hackers responsible for this data breach could launch targeting phishing attacks, all sorts of different scams or worse, they could try to commit identity theft.

How to stay safe after a data breach

A nervous woman looking at her phone

(Image credit: Shutterstock)

Due to U.S. laws, when a company is hit by a data breach, they have to inform you regarding what type of data was stolen. However, just like when dealing with the IRS, data breach notification letters typically arrive via traditional mail as opposed to in an email, text message or phone call.

If a company you're a customer of does business with Kelly Benefits, then you’re going to want to keep a close eye on your mailbox over the next few days/weeks. The reason being is that your personalized data breach notification letter will let you know exactly what types of your personal, financial or medical data were compromised.

At the same time, Kelly Benefits is offering free access to one of the best identity theft protection services from IDX for affected individuals for a full year. The letter will likely contain an enrollment code that you can use to redeem this offer if you want to take the company up on it. And you should, since identity theft protection services can help you regain your identity after an incident like this one but they can also help you recover any funds lost to fraud as a result of this data breach.

From there, you’re going to want to monitor all of your financial accounts for signs of fraud or abuse. Another step that may be worth taking is to freeze your credit with the three major credit bureaus: Equifax, Experian and TransUnion. This way, cybercriminals with access to this stolen data won’t be able to take out loans in your name.

Even if you try your hardest to avoid falling victim to a data breach, as you see here, you can easily get wrapped up in one as a result of a company you do business with relying on another firm’s services. This is why you need to take action immediately when you learn that your personal or financial information was exposed as the result of a data breach.

Now that cyberattacks and data breaches becoming a much more common occurrence though, you should always carefully monitor your personal and financial accounts for anything amiss since early detection can save you a whole lot of hassle later on.

More from Tom's Guide

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.