On Dec. 26, 2024, Trusteed Plans Service Corporation (TPSC), a third-party administrator specializing in employee benefit plans, experienced a data breach that affected 1,099 employees of Skagit County in Washington state. According to the Washington Attorney General’s data breach notification, the breach exposed sensitive personal and health information including names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information.
The breach was not publicly disclosed until Sept. 8, 2025, when TPSC submitted its official notice to the state on behalf of Skagit County. The specific method by which the breach occurred has not been detailed in the public disclosure. However, the breadth of information exposed, spanning both identity and medical data, makes this a serious incident for those affected.
Following the incident, TPSC notified affected individuals and filed the required disclosure with the state. While the full details of the company’s response have not been made public, individuals whose information was exposed should remain vigilant. It is recommended that affected individuals:
Because the breach included both Social Security numbers and medical information, those affected should consider placing a fraud alert or security freeze on their credit files as an added precaution.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure.