Carruth Data Breach

Carruth Incident

Carruth Compliance Consulting is the third-party administrator that handles 403(b) and 457(b) retirement savings plan for many Oregon school districts, including Lincoln County School District. Carruth discovered suspicious activity on their computer systems. An investigation revealed that unauthorized access to Carruth’s network occurred in late December 2024, resulting in the compromise of sensitive employee data for Carruth’s clients, including LCSD. The Carruth Incident potentially affects all current and former Lincoln County School District’s employees and their beneficiaries dating back to 2001.

Caruth Notice of Data Security Event

Notice Letter Sent to All LCSD Personnel – January 21, 2025

Frequently asked questions

Was my information affected?

This data breach potentially impacts all Lincoln County School District employees, and we encourage all potentially affected current and former employees to take the steps outlined below to monitor and protect their personal information.

What information was affected?

The affected information at Carruth may include employees’ and beneficiary names, Social Security numbers, email addresses, financial account information, driver’s license numbers, W-2 information, medical billing information (but not medical records).

What is Lincoln County School District doing?

We are working with Carruth and multiple other parties to understand the full scope of the Incident, to ensure all affected employees will be directly notified and provided appropriate remediation services, and to ensure Carruth is taking appropriate steps to mitigate the impact on our employees. For the foreseeable future, no further retirement account transactions from Lincoln County School District employees will be processed by Carruth. We will update information about the incident as it becomes available.

What should I do?

  • Enroll in credit monitoring and identity restoration services. Carruth is offering free credit monitoring and identity restoration services through IDX, a firm that provides identity protection services to consumers affected by data security incidents. To enroll, please call IDX at 877.720.7895. We have requested that Carruth directly notify each affected employee, but you can enroll in the services before receiving an “official” notification letter.
  • Monitor your accounts. Regularly review your bank accounts, credit card statements, and other financial accounts for any suspicious activity. If you see anything unusual, report it to your financial institution immediately.
  • Check your credit reports. You are entitled to one free credit report annually from each of the three major credit reporting bureaus (Equifax, Experian and TransUnion). Visit www.annualcreditreport.com or call 877.322.8228 to order your free reports.
  • Consider placing a fraud alert on your credit file. Fraud alerts notify creditors to verify your identity before issuing new credit. You can place an initial fraud alert (lasting one year), or an extended fraud alert (lasting seven years), at no cost, if you believe you are a victim of identity theft.
  • Consider placing a Credit freeze on your credit file. Credit freezes prevent credit bureaus from releasing your credit report without your explicit consent. This makes it harder for identity thieves to open accounts in your name. You can place a credit freeze on your credit file at no cost.
  • Report any suspicious activity. If you suspect you are a victim of identity theft, you should file a police report.  You can also report it to the Federal Trade Commission at www.identitytheft.gov or 877.ID.THEFT (877.438.4338).
  • How do I place fraud alerts and credit freezes on my credit file? Place a fraud alert and/or a credit freeze on your credit file by contacting each of the three major credit reporting bureaus:

Additional resources