Carruth Compliance Consulting reports data breach affecting thousands school employees
Learn More
Carruth Compliance Consulting (CCC), an Oregon-based retirement plan administrator for 403(b) and 457(b) accounts, has disclosed a significant data breach affecting thousands of current and former school employees across multiple Portland-area school districts.
CCC launched an investigation, notified the FBI, and engaging a third-party specialist for forensic analysis.
The specific nature of the compromised data has not been disclosed but it's confirmed that sensitive employee information related to retirement accounts was exposed. The breach is affecting employees dating back to 2009. The exact number of impacted individuals has not been disclosed, but it's multiple thousands.
Affected Organizations:
- Portland Public Schools
- Beaverton School District
- Hillsboro School District
- North Clackamas School District
- Parkrose School District
- Reynolds School District
- Gresham-Barlow School District
- Salem-Keizer Public Schools
The nature of the attack is not disclosed.
Update - as of 3rd of March 2025, Carruth reports that the breach exposed the data of more than 48,400 retirement plan participants.
As of 8th of March, another three public school districts are reporting that they were impacted by the breach. To date, the breach has exposed 76,899 individuals.
One of the primary challenges in managing this breach is the difficulty in reaching former employees who worked at the affected districts since 2009. Districts are encouraging all former employees who worked at any impacted school system since 2009 to check their respective district websites for guidance on identity protection measures.
The company is offering free credit monitoring and identity restoration services to affected individuals.
