TPSC Data Breach Affects PII & PHI

Trusteed Plans Service Corporation (TPSC), a third-party administrator specializing in employee benefit plan administration, experienced a major data breach. On Dec. 26, 2024, the company identified suspicious activity within its internal network. An investigation determined that a cybercriminal gained access and obtained sensitive data from the TPSC computer environment.

A review was completed on Aug. 7, 2025 and revealed that both personally identifiable information (PII) and protected health information (PHI) may have been compromised. Exposed data may include names, addresses, dates of birth, Social Security numbers, health insurance information and medical information. The total number of individuals has not been released, but is believed to be in the thousands.

The breach was officially disclosed to the California Attorney General’s office on Sept. 15, 2025. Trusteed Plans Service Corporation began notifying impacted individuals by mail on the same day.

Trusteed Plans Service Corporation's response

In response to the breach, TPSC disconnected network access, changed administrative credentials and restored operations in a safe and secure mode. The company is also providing impacted individuals 12 months of free cyber monitoring services through HaystackID, a company specializing in fraud assistance and remediation. Similar services are being offered to minors and estates of deceased individuals whose information was compromised in the cybersecurity incident.

If you receive a data breach notice from Trusted Plans Service Corporation, your employer or your insurer, you may want to:

• Sign up for the free cyber monitoring services, provided by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the company, visit the official TPSC Benefits website.