Strauss Borrelli PLLC, a leading data breach law firm, is investigating the Rumpke Consolidated Companies, Inc. (“Rumpke”) regarding its recent data breach. The Rumpke data breach may have involved sensitive personal information and protected health information belonging to almost 17,000 individuals.
ABOUT RUMPKE CONSOLIDATED COMPANIES, INC.:
Rumpke is a waste and recycling company based in Ohio. Founded in 1932, Rumpke is one of the nation’s largest privately-owned residential, commercial, and industrial waste and recycling firms, providing service to areas of Ohio, Kentucky, Indiana and West Virginia.3 Today, Rumpke operates 14 landfills, 12 recycling facilities and more than 20 transfer stations in its service footprint as well as solutions for various waste streams.4 Rumpke divisions include Rumpke Recycling, Rumpke Portable Restrooms, The William-Thomas Group, Rumpke Hydraulics, and Rumpke Haul-it-Away.3 Headquartered in Cincinnati, Ohio, Rumpke employs over 1,000 individuals.
WHAT HAPPENED?
Recently, Rumpke reported to the Attorney General of Maine that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on October 11, 2024, Rumpke was alerted to a dark web posting by an attacker claiming to have accessed and removed data from its IT systems.1 As a result, Rumpke launched an investigation to determine the nature of the incident.
Through its investigation, Rumpke confirmed that sensitive personal information belonging to employees, their dependents, and Rumpke’s health plan in its systems may have been viewed and obtained by an unauthorized third party using a compromised user account beginning on July 20, 2024. As a result, Rumpke began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Address
- Phone number and email address
- Driver’s license or state or other ID number
- Financial account information
- Health information (e.g., diagnosis information and codes)
- Health insurance information (e.g., health plan enrollment and account information)
- Health billing and payment data (e.g., claim numbers, account numbers, billing codes, payment amounts, balance information)
On December 10, 2024, Rumpke began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, Rumpke is providing affected individuals with a list of the specific types of sensitive information impacted and 24 months of complimentary credit monitoring services. A link to the form breach notification letters that Rumpke filed with the Attorney General of California is below.
If you received a breach notification letter from Rumpke Consolidated Companies, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
