What happened to Trusteed Plans Service Corporation?

Trusteed Plans Service Corporation (TPSC), a third-party administrator of self-insured medical plans, experienced a cybersecurity incident that compromised sensitive personal and health information of 19,775 individuals.

When was the TPSC breach detected?

TPSC detected unusual activity in its computer environment on December 26, 2024, and immediately launched an investigation, disconnected all network access, and changed administrative credentials.

How many people were affected by the TPSC data breach?

The cybersecurity incident at TPSC compromised the sensitive personal and health information of 19,775 individuals.

What types of information were exposed in the TPSC breach?

The exposed data includes full names, physical addresses, dates of birth, Social Security numbers, health insurance identification numbers, health plan information, claims information, medical treatment information, medical diagnosis information, medical procedure information, and Medicare/Medicaid identification numbers.

When were affected individuals notified about the TPSC breach?

TPSC began mailing data breach notification letters to all 19,775 affected individuals on September 15, 2025, nearly 10 months after the breach was detected on December 26, 2024.

What type of cyberattack did TPSC experience?

The nature of the attack has not been disclosed by Trusteed Plans Service Corporation.

Why was there a delay in notifying affected individuals?

The reason for the nearly 10 month delay between detection on December 26, 2024, and notification on September 15, 2025, has not been disclosed by TPSC.

Incident

Trusteed Plans Service Corporation reports data breach affecting nearly 20,000 people

Q: What is TPSC offering to affected individuals?

TPSC is offering complimentary credit monitoring and identity protection services to all affected individuals.

Q: Are there any legal actions related to the TPSC breach?

Yes, multiple law firms specializing in data breach class action litigation have announced investigations into potential claims against TPSC related to this incident.

published: Oct. 8, 2025

Learn More

Trusteed Plans Service Corporation, a third-party administrator of self-insured medical plans, is reporting a cybersecurity incident that compromised sensitive personal and health information of 19,775 individuals.

TPSC detected unusual activity in its computer environment on December 26, 2024, and launched an investigation, disconnected all network access and changed administrative credentials. The forensic investigation confirmed that hackers potentially stole sensitive personal information and protected health information.

The exposed data includes:

Full names
Physical addresses
Dates of birth
Social Security numbers
Health insurance identification numbers
Health plan information
Claims information
Medical treatment information
Medical diagnosis information
Medical procedure information
Medicare/Medicaid identification numbers

The nature of the attack is not disclosed. The reason for the nearly 10 month delay in notification is not clear.

TPSC began mailing data breach notification letters to all 19,775 affected individuals on September 15, 2025. The company is offering complimentary credit monitoring and identity protection services.

Multiple law firms specializing in data breach class action litigation have announced investigations into potential claims against TPSC related to this incident.

Trusteed Plans Service Corporation reports data breach affecting nearly 20,000 people

Read More
GEICO data apparently breached, data sold on the …
RBN Insurance Services reports data breach exposing 10k
UnitedHealthcare reports data breach caused by MOVEit vulnerability
IronRock Insurance reports data breach
AZ Blue reports Data Breach through a third …