Carruth Data Breach
Carruth Incident
This week we learned that Carruth Compliance Consulting, the third-party administrator of Scio School District’s 403(b) and 457(b) retirement savings plans, discovered suspicious activity on its computer systems on December 21, 2024 (the “Carruth Incident” or “Incident”). Carruth reported that an investigation revealed that sensitive employee data for Carruth’s clients, including Scio School District’s, was affected. Carruth’s customers include many Oregon school districts, ESDs and other organizations.
Carruth reported that upon learning of the Incident, they began working with third-party specialists to investigate the activity, and then notified the Federal Bureau of Investigation. Carruth also engaged a sub-contractor to handle processing of information coming in from its clients. For the foreseeable future, no further retirement account transactions from Scio School District’s employees will be processed by Carruth.