Benefits Partner Salus Group Data Breach Affects 40K People: SSNs Exposed

On October 9, 2024, Benefits Partner, LLC dba Salus Group experienced a data breach involving unauthorized access to an employee's email account. The company became aware of suspicious activity within the account in October and took steps to secure it. They disabled the affected email account, reset the employee's password, and initiated a detailed investigation with the help of a third-party forensic firm.

The investigation revealed that the unauthorized individual had access to the employee's email account on October 9, 2024. However, investigators could not determine precisely which emails or attachments, if any, were viewed by the unauthorized individual. To address this uncertainty, Salus Group conducted a comprehensive review of the entire email account, carefully examining all emails and attachments to identify any personal information that may have been exposed.

The analysis, completed in late February 2025, showed that the compromised email account contained sensitive personal information for certain individuals. The types of information exposed included personally identifiable information (PII) such as names, dates of birth, Social Security numbers, driver's license numbers, and financial account information. Protected health information (PHI) such as health insurance information and clinical or treatment details were also present in the compromised account.

A disclosure to the Department of Health and Human Services states that 40,177 Americans have been impacted.

Salus Group reported the incident to the state attorney general's offices of Massachusetts, New Hampshire, Texas, Vermont, and Washington beginning on April 8, 2025.

Salus Group's Response

To assist individuals potentially impacted by this breach, Salus Group has established a dedicated toll-free call center at (866) 408-1493, available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time. They are also offering complimentary credit monitoring and identity protection services through Kroll to all affected individuals. Instructions on how to activate these services are included in the notification letters sent by mail.

Although Salus Group has indicated that there is no evidence of misuse of the exposed information at this time, it is recommended that affected individuals remain vigilant. Individuals should monitor their financial account statements and regularly review their free credit reports for any unauthorized activity. If suspicious activity is detected, individuals should promptly report it to their financial institution and relevant authorities.

Salus Group has implemented additional security controls within their email environment and provided further training to employees on identifying and avoiding suspicious emails. More information about this incident can be found on the Salus Group's security incident page.

More information about the company and its services can be found on the Salus Group's official website.