Benefitelect Data Breach Exposes Social Security Numbers

On April 2, 2025, Coalesce LLC dba BenefitElect, an Oregon-based benefits administration and HR software provider, discovered suspicious activity within its systems that exposed personally identifiable information (PII) of at least 1,396 individuals, including 147 residents of Massachusetts.

The company determined that an unauthorized actor exploited a vulnerability in CrushFTP software, allowing files to be accessed and exfiltrated between March 30, 2025, and March 31, 2025. The ransomware group Kill Security later claimed responsibility for the breach, stating on a dark web forum that they had obtained BenefitElect’s database and intended to publish it within a week.

A thorough investigation, aided by third-party cybersecurity specialists, revealed that the compromised files contained sensitive benefits eligibility and onboarding census information including names, addresses, dates of birth, social security numbers and financial account information.

Beginning in October 2025, the company disclosed the data breach to the Attorneys General offices in Massachusetts, California, Oregon and New Hampshire. The U.S Department of Health and Human Services have also released a disclosure on October 15, 2025.

BenefitElect's response

The company publicly acknowledged the incident and provided a detailed security incident notice on its website. Impacted individuals have been notified by mail.

To support those affected, BenefitElect is offering complimentary credit monitoring and identity theft protection services through IDX. Impacted individuals received instructions and an enrollment code to activate these services. BenefitElect is encouraging everyone affected to remain vigilant by monitoring account statements, reviewing credit reports and enrolling in the provided identity protection services.

Given the nature of the breach, a ransomware attack involving the exfiltration of files containing sensitive PII and financial information, affected individuals should consider placing a fraud alert or credit freeze with the major credit bureaus.

Regularly reviewing credit reports and promptly reporting any suspicious activity are also recommended steps.