Carruth Data Breach

On January 13, 2025, we learned that Carruth Compliance Consulting, the third-party administrator of FGSD’s 403(b) and 457(b) retirement savings plans, discovered suspicious activity on its computer systems on December 21, 2024 (the “Carruth Incident” or “Incident”). Carruth reported that an investigation revealed that sensitive employee data for Carruth’s clients, including FGSD, was affected. Carruth’s customers include many Oregon school districts, educational service districts and other organizations. 
 
Carruth reported that upon learning of the Incident, they began working with third-party specialists to investigate the activity, and then notified the Federal Bureau of Investigation. Carruth also engaged a sub-contractor to handle processing of information coming in from its clients. For the foreseeable future, no further retirement account transactions from FGSD employees will be processed by Carruth. We are in the process of transitioning to another provider for these services and will provide information about it in subsequent communications.
 
Frequently Asked Questions
It appears that the Carruth Incident may potentially affect all individuals who were employed by FGSD between Date of Engagement with Carruth and January 2025. We encourage all potentially affected current and former employees to take the steps outlined below to monitor and protect their personal information. It is also possible that beneficiaries could be impacted by the data incident. We encourage beneficiaries to sign up/take steps to protect themselves as well. 
Carruth reported that the affected information may include employee and beneficiary Form W-2 Wage and Tax Statement information (names, Social Security numbers, mailing addresses and compensation information), dates of birth, financial account information, email addresses, driver’s license numbers and medical billing information (but not medical records).
No. The Carruth Incident is a third party incident involving the Carruth systems – it has nothing to do with FGSD’s systems. FGSD’s systems were not involved in the Carruth Incident and FGSD’s systems remain secure.
There is no evidence that retirement accounts were affected, and we are in communication with the custodians of those accounts to ensure they remain secure.
We are working with Carruth and multiple other parties to understand the full scope of the Incident, to ensure all affected employees will be directly notified and provided appropriate remediation services, and to ensure Carruth is taking appropriate steps to mitigate the impact on our employees. We will update information about the incident as it becomes available.
  • Enroll in Credit Monitoring and Identity Restoration Services: Carruth is offering free credit monitoring and identity restoration services through IDX, a firm that provides identity protection services to consumers affected by data security incidents. To enroll, please call IDX at 877.720.7895.
 
  • Turn on Multi-factor Authentication: Employees should set up multi-factor authentication with their 403b/457 vendor to the extent possible to add an additional level of security to their retirement funds.
 
  • Monitor Your Accounts: Regularly review your bank accounts, credit card statements, retirement accounts and other financial accounts for any suspicious activity. If you see anything unusual, report it to your financial services provider immediately.
 
  • Check Your Credit Reports: You are entitled to one free credit report annually from each of the three major credit reporting bureaus (Equifax, Experian and TransUnion). Visit www.annualcreditreport.com or call 877.322.8228 to order your free reports.
 
  • Consider Placing a Fraud Alert or Credit Freeze on your Credit Report: Fraud alerts notify creditors to verify your identity before issuing new credit. You can place an initial fraud alert (lasting one year), or an extended fraud alert (lasting seven years), at no cost, if you believe you are a victim of identity theft.
 
  • Consider placing a Credit freeze on your credit file: Credit freezes prevent credit bureaus from releasing your credit report without your explicit consent. This makes it harder for identity thieves to open accounts in your name. You can place a credit freeze on your credit file at no cost.
 
  • Report Any Suspicious Activity: If you suspect you are a victim of identity theft, you should file a police report. You can also report it to the Federal Trade Commission at www.identitytheft.gov or 877.ID.THEFT (877.438.4338).
  • Fraud Alert: A fraud alert notifies creditors to verify your identity before issuing new credit. You can place an initial fraud alert (lasting one year) or an extended fraud alert (lasting seven years) if you are already a victim of identity theft.
 
  • Credit Freeze: A credit freeze prevents credit bureaus from releasing your credit report without your explicit consent. This makes it harder for identity thieves to open accounts in your name.
Place a fraud alert and/or a credit freeze on your credit file by contacting each of the three major credit reporting bureaus: