Northwest Retirement Plan Consultants $1.2M Data Breach Settlement, Your Social Security Number May Have Been Exposed Claim Up to $3,000 Before April 24, 2026

ByAll About Lawyer Reading Time: 7 minutes

NWRPC LLC — doing business as Northwest Retirement Plan Consultants — has agreed to pay $1.2 million to settle a class action lawsuit over an August 2024 cyberattack that exposed the personal information of an estimated 68,500 people. The lawsuit alleged a targeted cyberattack on NWRPC’s computer systems in August 2024 allowed unauthorized individuals to access files containing private information, including names, dates of birth, and Social Security numbers.

 If you received a breach notice from Northwest Retirement Plan Consultants, you can claim up to $3,000 in documented losses or a flat $50 payment with no paperwork required — plus three years of free credit monitoring. The deadline to file your claim is April 24, 2026.

Quick Facts

  • Company: NWRPC LLC (Northwest Retirement Plan Consultants) — now part of Prime Pensions Inc.
  • Breach date: August 2024
  • Data exposed: Names, dates of birth, Social Security numbers
  • People affected: Approximately 68,500
  • Settlement amount: $1,200,000
  • Maximum cash payment: Up to $3,000 for documented losses
  • No-proof payment: $50 flat — no documentation needed
  • Bonus benefit: 3 years of free one-bureau credit monitoring
  • Claim deadline: April 24, 2026 ⚠️
  • Official settlement website: NWRPCsettlement.com
  • Settlement administrator: NWRPC Data Incident Settlement, c/o Settlement Administrator, PO Box 25226, Santa Ana, CA 92799-9958

What Is Northwest Retirement Plan Consultants and Why Does This Breach Matter?

Northwest Retirement Plan Consultants is — or was — a Puyallup, Washington-based retirement plan administration firm that managed 401(k) and other qualified retirement plans for small and medium-sized businesses. As of January 1, 2026, NWRPC has been fully absorbed into Prime Pensions Inc., but the legal obligation to resolve this breach lawsuit remains with the original entity.

Because NWRPC managed retirement plans, it held some of the most sensitive data a company can possess — not just names and contact details but Social Security numbers and dates of birth. This combination is particularly dangerous. Unlike a stolen credit card number that can be cancelled, a Social Security number is permanent. Once exposed, it can be used to open fraudulent accounts, file fake tax returns, take out loans, or commit other forms of identity theft for years or even decades after the breach occurred.

The plaintiffs claimed NWRPC failed to adequately protect personal data. NWRPC denies the allegations but agreed to settle to avoid the expense and uncertainty of continued litigation.

Northwest Retirement Plan Consultants $1.2M Data Breach Settlement, Your Social Security Number May Have Been Exposed, Claim Up to $3,000 Before April 24, 2026

Do You Qualify?

You are eligible to file a claim if both of the following are true:

1. You are a living US resident.

2. You are on NWRPC’s class list — meaning the company’s data review identified your information as potentially compromised in the August 2024 breach.

The clearest indicator you qualify is receiving a breach notification letter or email from Northwest Retirement Plan Consultants. That notice confirms your information was in the systems affected by the attack. It also contains your unique ID and PIN — both required to file your claim online.

If you believe you were a participant in a retirement plan administered by NWRPC but did not receive a notice, contact the settlement administrator directly through NWRPCsettlement.com before April 24, 2026.

Two Payment Options — Choose What Works for You

Option A — Documented Losses: Up to $3,000

Class members can claim up to $3,000 in documented out-of-pocket losses the data breach caused. The losses must have occurred between August 31, 2024 and April 24, 2026.

Qualifying losses include:

  • Unauthorized charges or fraudulent withdrawals from your accounts
  • Costs you paid for credit monitoring or identity theft protection services
  • Professional fees paid to deal with identity theft — such as an accountant or attorney
  • Lost time — at a rate of $25 per hour, up to 5 hours — spent dealing with fraud related to the breach
  • Other unreimbursed expenses you can connect to the breach with documentation

Supporting documentation such as receipts, bank or credit card statements showing unreimbursed fees or fraudulent charges, and other documentation of out-of-pocket expenses is required. Self-prepared documents alone are not sufficient.

Option B — Flat Cash Payment: $50

If you have no documented losses or simply want a quick, hassle-free payment, you can claim a flat $50 with no supporting documents required. Just select this option on the claim form.

Note: all cash payments are subject to a pro rata reduction based upon the total number of claims filed. The more people who file, the smaller individual payments may become.

Bonus for Everyone: 3 Years of Free Credit Monitoring

All class members can elect to receive three years of one-bureau credit monitoring services, which includes access to a fraud resolution agent if suspicious activity is detected.

Given that Social Security numbers were exposed — data that creates long-term identity theft risk — three years of monitoring is genuinely valuable and worth enrolling in regardless of which payment option you choose.

How to File Your Claim Before April 24, 2026

Step 1: Find your breach notice. Locate the notification letter or email from NWRPC. It contains your unique ID and PIN needed to file online.

Step 2: Pick your option. Decide between Option A (up to $3,000, documentation required) or Option B ($50 flat, no proof needed). You can also add the free credit monitoring to either option.

Step 3: File using one of these methods:

  • Online: Visit NWRPCsettlement.com — you will need your unique ID and PIN from your notice
  • By mail: Download and print the PDF claim form from the settlement website, complete it with your unique ID, and mail to:

NWRPC Data Incident Settlement c/o Settlement Administrator PO Box 25226 Santa Ana, CA 92799-9958

No notice received or lost it? Contact the settlement administrator through NWRPCsettlement.com for assistance. Do not assume you are ineligible just because you cannot find the notice.

When Will Payments Go Out?

The settlement administrator will submit payments and credit monitoring information to approved claimants approximately 95 days after the court grants final approval of the settlement.

The final approval hearing date has not yet been publicly confirmed. Based on the April 24, 2026 claim deadline, court approval is likely to follow in mid to late 2026 — putting realistic payment distribution sometime in the fall of 2026.

What to Do Right Now If Your SSN Was Exposed

Filing your claim is the first step. But because Social Security numbers were part of this breach, there are additional steps worth taking immediately — especially if you have not already done so since receiving your breach notice.

Place a credit freeze with all three bureaus. A credit freeze at Equifax, Experian, and TransUnion is free and prevents any new credit accounts from being opened in your name — even by someone who has your full Social Security number. This is the single most effective thing you can do after an SSN breach.

Set up a fraud alert. A fraud alert requires lenders to verify your identity before issuing new credit. It is less restrictive than a freeze but still provides meaningful protection.

File your taxes early. Tax identity theft is extremely common after SSN breaches. Filing your return as soon as you receive your W-2 prevents a fraudster from filing a fake return in your name and collecting your refund.

Monitor for suspicious activity. Check your credit reports at AnnualCreditReport.com and review bank statements regularly for any unauthorized activity.

Social Security number exposure creates identity theft risk that can surface months or years after the original breach — not just immediately. Our guide on what to do after your Social Security number is exposed in a data breach covers every step including whether changing your SSN is possible and when it makes sense. If you have received multiple breach notices involving your SSN in recent months, our coverage of the TransUnion data breach exposing 4.4 million Social Security numbers explains exactly how SSN data gets used by criminals and what long-term monitoring catches.

Key Terms Explained

Social Security Number (SSN) Breach: One of the most serious types of data exposure because SSNs cannot be changed and can be used to steal your identity permanently — opening credit, filing taxes, or taking out loans in your name.

Documented Loss Claim: A claim backed by real evidence showing financial harm directly caused by the breach. Covers unreimbursed expenses, fraudulent charges, monitoring costs, and lost time.

Pro Rata Reduction: If total claims exceed the net fund, individual payments are reduced proportionally. Filing early does not affect your amount, but the total number of claimants does.

Credit Monitoring: A service that watches your credit file for new accounts, inquiries, or changes and alerts you to potential fraud. The three-year monitoring offered here covers one bureau — Equifax, Experian, or TransUnion.

Net Settlement Fund: The portion of the $1.2 million left after attorneys’ fees, administration costs, and service awards are deducted — the pool from which class members are paid.

This article is for informational purposes only and does not constitute legal advice. For questions about your eligibility, claim status, or filing process, visit NWRPCsettlement.com or contact the settlement administrator at the address above.

Sources: NWRPC LLC Data Incident Settlement | Official settlement website: NWRPCsettlement.com | ClaimDepot.com settlement report, March 2026 | South Carolina Department of Consumer Affairs breach notice | Prime Pensions Inc. acquisition announcement

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *