Trusteed Plans Service Corporation (TPSC), a Washington-based consumer credit company, experienced a cybersecurity breach where an unauthorized cybercriminal accessed its network. The incident compromised the personally identifiable information (PII) of approximately 20,000 individuals, including highly sensitive data such as dates of birth, Social Security Numbers (SSNs), and health information collected through TPSC’s services to health plans and sponsors. The breach exposed individuals to risks of identity theft, financial fraud, and misuse of health data. Legal firm Lynch Carpenter, LLP is investigating potential claims for compensation on behalf of affected parties, indicating the severity of the data exposure and its legal ramifications. The breach underscores significant failures in TPSC’s cybersecurity defenses, leading to the unauthorized acquisition of critical customer data without evidence of ransomware involvement.
TPRM report: https://www.rankiteo.com/company/trusteed-plans-service-corporation
"id": "tru0702307091825",
"linkid": "trusteed-plans-service-corporation",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '20,000 individuals',
'industry': 'Financial Services / Health Plan '
'Administration',
'location': 'Washington, USA',
'name': 'Trusteed Plans Service Corporation (TPSC)',
'type': 'Consumer Credit Company'}],
'customer_advisories': 'Affected individuals notified via data breach '
'notification; encouraged to contact Lynch Carpenter, '
'LLP for legal review.',
'data_breach': {'data_exfiltration': 'Potential (accessed but not confirmed '
'exfiltrated)',
'number_of_records_exposed': '20,000',
'personally_identifiable_information': ['Dates of Birth',
'Social Security '
'Numbers',
'Health Information'],
'sensitivity_of_data': 'High (includes SSNs, health data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2025-09-17',
'description': 'Trusteed Plans Service Corporation (TPSC), a Washington-based '
'consumer credit company, announced a cybersecurity incident '
'where a cybercriminal accessed its network and potentially '
'exposed personally identifiable information (PII), including '
'dates of birth, Social Security Numbers, and health '
'information of approximately 20,000 individuals. Lynch '
'Carpenter, LLP is investigating claims for compensation '
'related to this breach.',
'impact': {'brand_reputation_impact': 'Potential (under investigation by '
'Lynch Carpenter, LLP)',
'data_compromised': ['Dates of Birth',
'Social Security Numbers',
'Health Information'],
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': 'Potential (class action investigation '
'ongoing)'},
'initial_access_broker': {'high_value_targets': ['PII (SSNs, health data)']},
'investigation_status': 'Ongoing (legal investigation by Lynch Carpenter, '
'LLP)',
'references': [{'date_accessed': '2025-09-17',
'source': 'Globe Newswire Press Release'},
{'source': 'TPSC Official Website',
'url': 'https://www.tpscbenefits.com/'},
{'source': 'Lynch Carpenter, LLP Investigation Page',
'url': 'https://www.lynchcarpenter.com'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Lynch Carpenter, LLP'},
'response': {'communication_strategy': 'Public disclosure via Globe Newswire; '
'legal firm (Lynch Carpenter, LLP) '
'investigating claims and notifying '
'affected individuals.'},
'threat_actor': 'Cybercriminal hacker',
'title': 'TPSC Data Breach Impacting Personal Information of 20,000 '
'Individuals',
'type': 'Data Breach'}