On December 26, 2024, Trusteed Plans Service Corporation (TPSC), a third-party administrator for employee benefit plans, suffered a data breach exposing sensitive personal and health information of **1,099 Skagit County employees**. The compromised data included **names, Social Security numbers, full dates of birth, health insurance policy/ID numbers, and medical records**. The breach was not publicly disclosed until **September 8, 2025**, nearly nine months later.The incident posed severe risks, as the exposed data could facilitate **identity theft, financial fraud, and medical fraud**. Affected individuals were advised to monitor credit reports, scrutinize health insurance statements for unauthorized claims, and remain alert for phishing attempts. The breach’s delayed disclosure further heightened concerns about transparency and response effectiveness. Given the **highly sensitive nature of the leaked information**, the incident represents a critical failure in data protection, potentially leading to long-term reputational and financial harm for both TPSC and Skagit County.
Source: https://www.claimdepot.com/data-breach/skagit-county-2025
TPRM report: https://www.rankiteo.com/company/trusteed-plans-service-corporation
"id": "tru2302423091125",
"linkid": "trusteed-plans-service-corporation",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '1,099 (employees of Skagit '
'County)',
'industry': 'Employee Benefit Plans',
'name': 'Trusteed Plans Service Corporation (TPSC)',
'type': 'Third-Party Administrator'},
{'customers_affected': '1,099 employees',
'industry': 'Public Administration',
'location': 'Washington, USA',
'name': 'Skagit County',
'type': 'Government (County)'}],
'customer_advisories': 'Affected individuals were notified with '
'recommendations for vigilance (credit monitoring, '
'fraud alerts, etc.)',
'data_breach': {'data_exfiltration': 'Likely (data was exposed)',
'number_of_records_exposed': '1,099',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Full dates of birth',
'Health insurance '
'policy or ID '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs, medical data, '
'and full dates of birth)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-12-26',
'date_publicly_disclosed': '2025-09-08',
'description': 'On Dec. 26, 2024, Trusteed Plans Service Corporation (TPSC), '
'a third-party administrator specializing in employee benefit '
'plans, experienced a data breach that exposed sensitive '
'personal and health information of 1,099 employees of Skagit '
'County in Washington state. The breach included names, Social '
'Security numbers, full dates of birth, health insurance '
'policy or ID numbers, and medical information. The incident '
'was publicly disclosed on Sept. 8, 2025, via a notification '
'to the Washington Attorney General.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive personal and '
'health data',
'data_compromised': ['Names',
'Social Security numbers',
'Full dates of birth',
'Health insurance policy or ID numbers',
'Medical information'],
'identity_theft_risk': 'High (due to exposure of SSNs and medical '
'data)'},
'investigation_status': 'Ongoing or undisclosed (specific breach method not '
'detailed)',
'recommendations': ['Monitor credit reports for unauthorized activity',
'Watch for suspicious emails, phone calls, or mail '
'(phishing/identity theft risks)',
'Review health insurance statements for unfamiliar '
'medical claims',
'Consider placing a fraud alert or security freeze on '
'credit files'],
'references': [{'source': 'Washington Attorney General’s Data Breach '
'Notification'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington Attorney '
'General (data breach '
'notification)'},
'response': {'communication_strategy': 'Notification to affected individuals '
'and state disclosure (Washington '
'Attorney General)',
'incident_response_plan_activated': 'Yes (notification to '
'affected individuals and '
'state disclosure)'},
'title': 'Data Breach at Trusteed Plans Service Corporation (TPSC) Affecting '
'Skagit County Employees',
'type': 'Data Breach'}