Trusteed Plans Service Corporation Data Breach Lawsuit Investigation

Were you one of the 1,099 Skagit County employees whose Social Security numbers and medical records were exposed? The Trusteed Plans Service Corporation (TPSC) data breach puts your identity and health privacy at risk. Discover how to protect yourself and whether you can claim compensation now.

What Happened?

On December 26, 2024, TPSC—an employee-benefits administrator based in Tacoma, Washington—suffered an unauthorized network intrusion. Although the incident occurred in 2024, the company did not disclose it publicly until September 8, 2025, when it filed an official notice with the Washington Attorney General’s Office on behalf of Skagit County.

What Information Was Exposed?

The breach exposed both personally identifiable information (PII) and protected health information (PHI), including:

• Full names
• Social Security numbers
• Dates of birth
• Home addresses
• Government-issued ID numbers
• Health insurance policy or ID numbers
• Medical and treatment details
• Financial information related to benefit plans

With Social Security and medical data in the same data set, victims face heightened risks of tax fraud, medical identity theft, and long-term privacy issues.

Who Is Affected?

The notice confirms impact on at least 1,099 current and former Skagit County employees. If you worked for the county and participated in benefit plans administered by TPSC, your data may be involved even if you no longer live in Washington.

Immediate Steps to Protect Yourself

• Place a fraud alert or security freeze with the major credit bureaus.
• Review health-insurance Explanation of Benefits (EOB) statements for unfamiliar charges.
• Monitor bank, HSA, and credit-card accounts for unauthorized transactions.
• Enable multi-factor authentication (MFA) on banking, email, and benefits portals.
• Be cautious of phishing emails that reference Skagit County, benefits, or the breach.
• Keep copies of any letters, emails, or expenses related to the incident—these may support a future claim.

Can You File a Lawsuit Against TPSC?

Data-breach laws allow victims to seek damages for:

• Out-of-pocket losses (e.g., credit-monitoring fees, fraudulent charges)
• Time spent mitigating identity theft
• Emotional distress and diminished value of personal data
• Potential future costs from medical or financial fraud

Attorneys are actively investigating whether TPSC used reasonable cybersecurity measures and provided timely notice as required by state and federal law. If negligence is proven, you could be eligible for monetary compensation without paying any upfront legal fees.

Important Deadlines

Each state sets a statute of limitations for data-breach claims (often 1–3 years from discovery). Because the incident became public on September 8, 2025, the clock to file may already be running. Consult an attorney promptly to preserve your rights.

Download Official Breach Notice (PDF)

Frequently Asked Questions

How did the Trusteed Plans Service Corporation data breach occur?

TPSC has not publicly shared the specific cause. Investigations are ongoing, but it involved unauthorized access to systems holding employee benefit data.

What should I do if I received a Trusteed Plans Service Corporation breach letter?

Follow the steps in the notice, enroll in any offered credit monitoring, place fraud alerts, and consider joining a legal action to recover costs and damages.

Can former Skagit County workers join the TPSC lawsuit?

Yes. Eligibility is based on whether your personal information was stored by TPSC, not your current employment status.

Will TPSC offer free credit monitoring?

The notice typically includes at least 12 months of credit monitoring. Review your letter for enrollment instructions and deadlines.

What damages can I claim from the Trusteed Plans Service Corporation breach?

Potential damages include reimbursing fraudulent charges, compensating for time spent, future identity-theft protection costs, and emotional distress related to privacy loss.

Is medical identity theft a risk from this breach?

Yes. Criminals can use stolen medical info to obtain treatment, prescriptions, or file fraudulent insurance claims in your name, harming your medical records and finances.