Rumpke Settles Employee Data Breach Lawsuit After 2024 Ransomware Attack
Waste management company Rumpke has agreed to a $750,000 settlement in a class-action lawsuit filed by employees over a ransomware attack that exposed terabytes of sensitive data. The breach, which occurred in October 2024, compromised the personal information of nearly 17,000 current and former employees, including Social Security numbers and other identifying details.
According to the mid-November settlement agreement in Hamilton County Common Pleas Court, the attack resulted in the theft of over 3 terabytes of data. While Rumpke denies any wrongdoing, the company acknowledged the breach and stated that its investigation found no evidence of customer payment data being affected or misuse of the stolen employee information.
Eligible employees will receive up to $5,000 in reimbursement for breach-related losses, a cash payment of up to $475, and one year of identity theft and credit monitoring. Notifications will be sent by mail, with final approval of the settlement expected at an April 16 hearing, pending no objections.
The lawsuit alleged that Rumpke failed to implement adequate cybersecurity measures and only detected the attack after ransom demands were made. This incident follows a string of recent cyberattacks on local governments and healthcare providers, including the City of Middletown and Kettering Health, which disrupted services and led to follow-on scams.
The FBI reported that cybercriminals stole a record $16.6 billion from Americans in 2024, underscoring the growing threat of ransomware and data breaches.
Rumpke Waste & Recycling cybersecurity rating report: https://www.rankiteo.com/company/rumpke
"id": "RUM1768350699",
"linkid": "rumpke",
"type": "Ransomware",
"date": "1/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '17000',
'industry': 'Waste Management',
'location': 'Hamilton County, Ohio, USA',
'name': 'Rumpke',
'type': 'Company'}],
'customer_advisories': 'Public statement confirming customer payment '
'information was not impacted',
'data_breach': {'data_exfiltration': 'Yes (3 terabytes of data taken)',
'number_of_records_exposed': '17000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Social Security numbers, '
'personally identifiable information)',
'type_of_data_compromised': 'Employee personal information'},
'date_detected': '2024-10',
'date_publicly_disclosed': '2024-11',
'description': 'Rumpke is settling a class-action lawsuit after several '
'employees allege a cyberattack stole terabytes of their '
'information from company servers. The employee files, which '
"include employees' social security numbers and other "
'personally identifying information, were accessed during the '
'data breach around October 2024.',
'impact': {'data_compromised': '3 terabytes',
'financial_loss': '750000',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class-action lawsuit settlement',
'payment_information_risk': 'None (customer payment information '
'not impacted)'},
'investigation_status': 'Completed (no evidence of data misuse found)',
'lessons_learned': 'Failure to implement reasonable cybersecurity measures '
'and delayed detection of malicious activity',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Settlement fund, identity '
'theft protection, and '
'credit monitoring for '
'affected employees',
'root_causes': 'Inadequate cybersecurity measures '
'and delayed detection of malicious '
'activity'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2024-11',
'source': 'Hamilton County Common Pleas Court Settlement '
'Agreement'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
'response': {'communication_strategy': 'Public statement via senior vice '
'president for communications'},
'title': 'Rumpke settles lawsuit over employee data stolen in cyberattack',
'type': 'Ransomware'}