Strauss Borrelli PLLC, a leading data breach law firm, is investigating Carruth Compliance Consulting, Inc. (“Carruth”) regarding its recent data breach. The Carruth data breach may have involved sensitive personal information belonging to an unknown number of individuals.
ABOUT CARRUTH COMPLIANCE CONSULTING, INC.:
Carruth is a third-party administrative provider based in Oregon. As such, it offers services to public school districts and non-profit organizations for their 403(b) and 457(b) retirement savings plans.1
WHAT HAPPENED?
Recently, Carruth announced that it had experienced a data breach in which sensitive personal identifiable information in its systems may have been accessed. According to the breach notice, on or around December 21, 2024, Carruth became aware of suspicious activity that impacted the operability of certain computer systems in its environment.1 As a result, Carruth launched an investigation to determine the nature of the incident.
Through its investigation, Carruth confirmed that sensitive personal information belonging to employees of its clients may have been compromised by an unauthorized third party between December 19 and December 26, 2024. As a result, Carruth began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social security number
- Financial account information
- Driver’s license number
- W-2 information
- Medical billing information
- Tax filings
As a result of the data breach, Carruth posted a notice of the incident on its website. Based on the website breach notice, Carruth is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that Carruth posted to its website is below.
Additionally, school organizations whose employees were affected by the Carruth breach began mailing notification on February 28, 2025. The related entities that reported to the Attorney Generals of Maine, Montana, Vermont, and/or the Commonwealth of Massachusetts are:
- Banks School District #13
- Bend-La Pine School District
- Bethel School District #52
- Canby School District 86
- Centennial School District
- Central Oregon Community College
- Chemeketa Community College
- Clackamas Education Service District
- Columbia Gorge Education Service District
- Corvallis School District 509J
- Gladstone School District
- Greater Albany Public School District
- Forest Grove School District
- Jefferson School District
- Junction City School District
- Klamath County School District
- Lane Community College
- Lane Education Service District
- Lincoln County School District
- Linn Benton Community College
- Linn Benton Lincoln ESD
- Multnomah Education Service District
- Newberg School District
- North Santiam School District
- North Wasco County School District
- Oregon City School District
- Parkrose School District
- Perrydale School District
- Southern Oregon Educational Services District
- Springfield Public Schools
- Helens School District
- Sweet Home School District 55
- Umatilla School District
- Vernonia School District
- West Linn-Wilsonville School District
If you received a breach notification letter about Carruth Compliance Consulting, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.