Kelly Benefits, a major provider of payroll and benefits administration services, has confirmed a significant data breach affecting nearly 264,000 people. If you work in HR, IT, or security, especially in companies relying on third-party providers for sensitive operations, this incident highlights serious risks you’ll want to pay attention to.

The Maryland-based company disclosed that hackers had unauthorized access to its systems between December 12 and December 17, 2024. During that window, attackers exfiltrated files containing highly sensitive personal information, including: Names, Dates of birth, Social Security Numbers (SSNs), Tax ID numbers, Medical and health insurance information, and Financial account details.

Kelly Benefits isn’t just dealing with its own data. It services a wide range of customers, and the breach impacts individuals tied to organizations like:

• Amergis
• Beam Benefits
• Beltway Companies
• CareFirst
• The Guardian Life Insurance Company of America
• Intercon Truck of Baltimore
• Publishers Circulation Fulfilment
• Quantum Real Estate Management
• Transforming Lives

Kelly Benefits is handling notification efforts on behalf of these clients, but if your organization or your employees are connected to any of these names, it’s time to get proactive.

While there’s no confirmed link to a ransomware group yet, the timeline raises eyebrows. The breach occurred months ago and there’s no public leak of the stolen data. In cases like this, it’s possible (though unconfirmed) that a ransom was quietly paid to prevent public exposure.

This matters because it underscores a growing trend: Not all ransomware attacks are loud anymore. Increasingly, threat actors steal data, extort companies behind closed doors, and avoid the spotlight.