BenefitElect Data Breach Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Coalesce, LLC dba Benefitelect data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About Coalesce, LLC dba BenefitElect

BenefitElect is based in Bend, Oregon, and has been operating since 1998. The company provides benefits administration and human resources software solutions to employers and HR professionals.

BenefitElect offers services including onboarding, real-time benefits data management and customizable reporting tools. The company’s focus is on automating complex processes to help HR professionals manage benefits programs more efficiently and to encourage employee participation.

What Happened?

In early April 2025, BenefitElect discovered suspicious activity on its systems. On April 2, 2025, the company was alerted to unauthorized access that occurred between March 30, 2025, and March 31, 2025.

The breach was linked to a vulnerability in the CrushFTP system, which allowed a ransomware group known as Kill Security to access and potentially exfiltrate sensitive files. The group even claimed to have obtained the organization's database and threatened to publish it.

So far, the data security incident has impacted at least 1,396 individuals nationwide, including 147 residents of Massachusetts.

Information exposed:

• Names
• Addresses
• Dates of birth
• Social Security numbers
• Financial account information

Beginning in October 2025, the company disclosed the data breach to the Attorney Generals' offices in Massachusetts, California, Oregon and New Hampshire. The U.S. Department of Health and Human Services was also notified.

The company also notified impacted individuals by mail.

Your Rights and Next Steps

If you received a notice from BenefitElect or believe your information may have been involved, there are important steps you can take to protect yourself.

BenefitElect is offering complimentary credit monitoring and identity theft protection services through IDX for a set period at no cost. Impacted individuals are encouraged to enroll in these services promptly.

Additionally, you have the right to:

• Obtain a free copy of your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) every year
• Place a fraud alert or credit freeze on your credit file at no cost to help prevent unauthorized access
• Monitor your bank accounts, credit reports and explanation of benefits for suspicious activity or errors
• File a police report if you suspect identity theft or fraud
• Contact your state attorney general for more information about your rights

It is important to remain vigilant, review account statements regularly and take advantage of the resources and protections available to you.

You May Be Entitled to Compensation

If your information was exposed in the BenefitElect data breach, you may be eligible for compensation. Lawyers are ready to help individuals affected by this incident pursue their rights under the law.

Completing the below form is the first step to joining a potential lawsuit and seeking the compensation you deserve.

Sources

• California Attorney General
• Massachusetts Attorney General
• New Hampshire Attorney General
• Oregon Attorney General
• U.S Department of Health and Human Services
• Coalesce, LLC dba BenefitElect Notice of Data Breach
• Dark Web