Cyber Incident Victim: Carruth Compliance Consulting
Date: Dec 2024
Location: United States of America
Summary
A cybersecurity incident at Carruth Compliance Consulting involved unauthorized access to systems, resulting in data exfiltration. The breach compromised sensitive information including names, Social Security numbers, financial account details, and, for some individuals, driver's license numbers, tax filings, W-2 data, and medical billing information. The organization engaged third-party specialists to investigate, confirmed unauthorized access occurred over multiple days, and notified law enforcement. Impacted individuals were offered complimentary credit monitoring and identity restoration services. The incident affected administrative systems supporting retirement plans for public school districts and non-profit organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Carruth Compliance Consulting (CCC) detected suspicious activity impacting certain computer systems on December 21, 2024. The investigation, conducted with third-party specialists, determined unauthorized actors accessed CCC's network between December 19 and December 26, 2024, during which they copied files from the compromised systems. CCC specializes in providing third-party administrative services for 403(b) and 457(b) retirement savings plans to public school districts and non-profit organizations, making its systems repositories of sensitive participant data. The forensic review confirmed the exfiltrated information included individuals' names combined with Social Security numbers and financial account details. A subset of affected individuals also had driver's license numbers, W-2 forms, medical billing information (excluding medical records), and tax filings exposed. CCC formally notified impacted parties of the breach on January 13, 2025, after completing its data review to identify the scope of compromised information.

Upon confirming the unauthorized access, CCC engaged law enforcement by notifying the Federal Bureau of Investigation. The organization implemented measures to contain the incident, though specific technical remediation steps were not disclosed publicly. CCC offered affected individuals complimentary credit monitoring and identity restoration services through IDX, accessible via a dedicated toll-free number. The public notice advised vigilance in monitoring financial accounts and credit reports, directing consumers to utilize annualcreditreport.com for free credit checks. It outlined options for fraud alerts and credit freezes through the three major credit bureaus—Equifax, Experian, and TransUnion—while noting associated limitations on credit approval processes. The notification included contact details for the Federal Trade Commission, state attorneys general, and specific instructions for North Carolina residents to engage their state's attorney general office. CCC established a dedicated call center operational on weekdays from 6:00 am to 6:00 pm PST to address inquiries about the incident.
