Rumpke Waste & Recycling Data Breach Settlement, What 17,000 Employees Must Know About the $750K Payout
Rumpke Waste & Recycling agreed to a $750,000 settlement resolving a class action lawsuit over a data breach discovered in October 2024 that exposed employee personal information including Social Security numbers. Nearly 17,000 current and former employees may be eligible for compensation between $237.50 and $475, or up to $5,000 for documented losses, by filing a claim before the deadline.
Hackers stole more than 3 terabytes of employee data during a ransomware attack that went undetected for months. The settlement marks one of the largest waste management industry data breach recoveries, with final court approval scheduled for April 16, 2026.
This Affects You If You Worked for Rumpke
This affects you if you were a Rumpke employee or dependent covered under the company’s benefits plan and received a data breach notice in December 2024. Understanding this settlement matters because your Social Security number, medical information, and financial data may be circulating on the dark web right now, putting you at risk for identity theft that could affect you for years. The settlement provides immediate compensation plus free credit monitoring, but only if you act before the deadline.
What Happened in the Rumpke Data Breach
Timeline of the Attack
On October 11, 2024, Rumpke discovered a dark web posting where attackers claimed they had accessed and stolen data from the company’s IT systems. The investigation revealed hackers had compromised a user account beginning July 20, 2024, giving them nearly three months of unrestricted access to employee files.
The unauthorized access continued through August 2024 before Rumpke detected the intrusion. Cybersecurity investigators determined the attackers extracted more than 3 terabytes of data before being locked out.
Rumpke began mailing breach notification letters to affected individuals on December 10, 2024—two months after discovering the attack.
What Information Was Stolen
The Rumpke data breach exposed highly sensitive employee information including names, dates of birth, addresses, contact information, Social Security numbers, health insurance plan enrollment and account information, medical diagnosis and treatment information, driver’s license or state identification numbers, and financial account information.
Nearly 17,000 people had their information compromised. The class includes current and former Rumpke employees, their dependents, and anyone enrolled in Rumpke’s health plan from 2015 until July 27, 2024.
How the Breach Occurred
According to court documents, hackers gained access through a compromised user account. This social engineering attack allowed criminals to bypass security measures by using legitimate login credentials they had obtained.
Once inside Rumpke’s systems, the attackers infiltrated parts of the network containing employee files, health plan data, and other sensitive records. The ransomware attack encrypted critical systems while simultaneously exfiltrating massive amounts of data.
What the Lawsuit Alleged and How It Was Resolved
The Plaintiffs’ Claims
Multiple Rumpke employees filed class action lawsuits alleging the company failed to implement reasonable cybersecurity measures to protect their personal information. The complaints argued Rumpke was negligent in several ways.
First, plaintiffs claimed Rumpke failed to maintain effective cybersecurity infrastructure and was unable to identify malicious activity until cyberattackers began demanding ransom. Second, they alleged the company violated HIPAA by failing to adequately protect employee health information. Third, the lawsuits claimed Rumpke delayed notifying affected employees about the October 2024 breach.
The legal theories included negligence, breach of implied contract, violation of state data breach notification laws, and unjust enrichment.
Settlement Without Admission of Wrongdoing
Rumpke denied all allegations but agreed to the $750,000 settlement in November 2025 to avoid the expense and uncertainty of continued litigation. The company maintains it has no evidence that personal information was extracted from networks or misused for identity theft or fraud.
Hamilton County Common Pleas Court Judge Leah Dinkelacker granted preliminary approval for the settlement. The final approval hearing is scheduled for April 16, 2026, barring any objections.
What the $750K Rumpke Settlement Provides
Settlement Fund Breakdown
The $750,000 total settlement fund will be distributed according to a specific allocation. Attorney fees will likely consume 25-33% of the fund, or up to $250,000. Settlement administration costs will be deducted next. Named plaintiffs who led the lawsuit will receive service awards typically ranging from $2,500 to $5,000 each.
The remaining amount will be divided among class members who file valid claims. With nearly 17,000 affected individuals, the per-person payout depends entirely on how many people submit claims.
Cash Payment Options
Class members can choose from multiple compensation options. Those who submit documented proof of out-of-pocket expenses can receive reimbursement up to $5,000. Reimbursable expenses include identity theft costs, fraud losses, credit monitoring services purchased, fraudulent charges not reimbursed by banks, and time spent addressing breach consequences at a reasonable hourly rate.
All settlement class members may also file a claim to receive a one-time, pro-rated cash payment estimated between $237.50 and $475. The settlement website reports this amount may change depending on the total number of valid claims filed.
Free Credit Monitoring
All class members are eligible to receive one year of three-bureau identity theft and credit monitoring protection through the settlement, regardless of whether they file for cash compensation.
Enhanced Security Measures
The settlement requires Rumpke to implement improved data security practices and policies, though specific details about these security enhancements were not disclosed in public court documents.
Who Is Eligible and How to File a Claim
Class Definition
The settlement class includes all United States residents whose private information was implicated in the October 2024 data breach. This includes anyone who received direct notice of the breach from Rumpke.
Specifically excluded from the class are: persons who timely and validly request exclusion, the judge and court staff assigned to the case, Rumpke’s officers and directors, and anyone found guilty of initiating or aiding the criminal activity that caused the breach.
How to File Your Claim
Visit the official settlement website at RCCDataSettlement.com administered by the court-appointed settlement administrator. You can complete your claim form online or download and mail a paper form.
To file, you’ll need to provide information to verify your class membership, including your name, address, and the breach notification letter you received. If claiming reimbursement for documented losses, submit receipts for credit monitoring, bank statements showing fraudulent charges, evidence of time spent addressing the breach, and a declaration under penalty of perjury that your information is true.
Critical Deadlines
The specific claim filing deadline has not yet been publicly announced but typically falls 90-120 days after preliminary approval or notice mailing. Based on the November 2025 settlement agreement, the deadline will likely be in early 2026.
The objection deadline for those who disagree with settlement terms and the opt-out deadline for those wanting to pursue individual lawsuits will be announced with the claim deadline.
The final approval hearing is scheduled for April 16, 2026.
What Happens Next
After you file your claim, the settlement administrator will review it for completeness and eligibility. Payments will be distributed only after the court grants final approval at the April 16, 2026 hearing and any appeals are resolved. This typically means payments arrive 6-12 months after the claim deadline.
Pro Tip: File your claim even if you don’t have documented out-of-pocket losses. You’re still eligible for the pro-rated cash payment of $237.50 to $475, and that money is yours if you’re a class member. Don’t leave money on the table by ignoring this settlement.
What You Must Know About This Data Breach
Could This Breach Have Been Prevented?
Data breaches in service industries commonly result from phishing attacks on employees, unpatched software vulnerabilities, weak passwords or access controls, third-party vendor security failures, ransomware attacks, and inadequate encryption of stored data.
The Rumpke breach appears to have resulted from a compromised user account—a security failure that could have been prevented with multi-factor authentication, employee security training, and better access controls. Industry standards for protecting employee data include encrypting sensitive information, implementing least-privilege access policies, and monitoring for unusual network activity.
Whether Rumpke’s security measures met reasonable industry standards will be a question the court considers when deciding whether to approve the settlement.
Your Ongoing Risk
Even with this settlement, your data may still be at risk. Once Social Security numbers and health information appear on the dark web, criminals can exploit that data indefinitely. Settlement compensation doesn’t undo the privacy violation or eliminate future identity theft risk.
You must actively protect yourself by monitoring credit reports and financial accounts, setting up fraud alerts or credit freezes, watching for phishing attempts, and understanding that identity theft can occur months or years after a breach.
How This Settlement Compares to Other Data Breach Cases
Settlement Size Context
The $750,000 Rumpke settlement is relatively modest compared to recent data breach settlements. AT&T paid $177 million for two 2024 breaches affecting 73 million customers. MGM Resorts paid $45 million for breaches affecting 37 million customers. WebTPA paid $13.75 million for a breach affecting 2.4 million people.
With 17,000 affected individuals, the Rumpke settlement suggests either a smaller breach scope, a weaker liability case, or Rumpke’s limited financial resources compared to major corporations.
Per-Person Payout Comparison
Most data breach settlements provide $20 to $100 per person for basic claims without documented losses. The estimated $237.50 to $475 per person in the Rumpke settlement is significantly higher than average, likely because the relatively small class size allows for larger individual payments from the settlement fund.
However, factors affecting settlement size include the number of affected individuals, types of data exposed (Social Security numbers and medical data lead to higher settlements), evidence of actual identity theft resulting from the breach, and the defendant’s ability to pay.
Your Rights and Options Under the Settlement
Accepting the Settlement
If you file a claim by the deadline, you’ll receive payment and remain a class member. However, you’ll release all claims against Rumpke related to this breach and cannot sue the company individually. This is the simplest option for most people and ensures you receive compensation.
Objecting to the Settlement
You can object if you think the settlement is unfair. You must file a written objection with the court by the specified deadline, and you can attend the April 16, 2026 final approval hearing to voice your concerns. Even if you object, you’re still bound by the settlement if the court approves it—unless you also opt out.
Opting Out
Opting out excludes you from the settlement class entirely. You must send a written opt-out request by the deadline. If you opt out, you preserve your right to sue Rumpke individually but receive nothing from this settlement. This only makes sense if you have significant individual damages worth pursuing separately, such as actual identity theft that resulted in major financial losses.
Doing Nothing
If you take no action, you get nothing but are still bound by the settlement and release your claims. This is the worst option—you give up your legal rights without receiving any compensation.
What to Do Next If You’re Affected
Immediate Steps for Rumpke Employees
Locate your breach notification letter from December 2024. This proves you’re a class member. Visit RCCDataSettlement.com for official information and the claim form.
Gather documentation of any out-of-pocket losses including receipts for credit monitoring services, bank statements showing fraudulent charges, and time logs documenting hours spent addressing the breach. File your claim before the deadline even if you have no documented losses—you’re still entitled to the $237.50 to $475 cash payment.
Consider whether to accept the settlement, object, or opt out based on your specific situation. Enroll in the free credit monitoring offered through the settlement.
Protecting Yourself After a Data Breach
Take immediate protective steps. Place fraud alerts on your credit reports with Equifax, Experian, and TransUnion. Consider a credit freeze to prevent new accounts from being opened in your name. Monitor bank and credit card statements for unauthorized transactions.
Check your credit reports for suspicious activity. Change passwords for financial accounts, especially if you used the same password for any Rumpke systems. Set up account alerts for unusual activity.
Long-term protection requires continued vigilance. Keep monitoring your credit for at least 2-3 years after the breach. Be wary of phishing emails or calls claiming to be from Rumpke or the settlement administrator. File an identity theft report with the FTC if you experience fraud. Keep records of all breach-related expenses for tax purposes.
Settlement payments for identity theft losses are generally not taxable, but payments for time and inconvenience may be taxable. Consult a tax professional if you receive a significant settlement payment.
Where to Find Reliable Information
The official settlement website at RCCDataSettlement.com provides claim forms, FAQs, important dates, court documents including the settlement agreement and preliminary approval order, and contact information for the settlement administrator.
For additional resources, check the court docket for case details, plaintiffs’ attorneys’ websites for settlement information, your state attorney general’s consumer protection division, Federal Trade Commission identity theft resources at IdentityTheft.gov, and the Consumer Financial Protection Bureau.
Rumpke’s official website may provide breach information and customer support. If you need legal help, contact consumer protection attorneys if considering opting out, legal aid organizations if you’re low-income, or your state bar association’s lawyer referral service.
Frequently Asked Questions
How much money will I get from the Rumpke settlement?
You can receive between $237.50 and $475 as a pro-rated cash payment, or up to $5,000 if you submit documented proof of out-of-pocket losses related to the breach. The exact amount depends on how many class members file claims.
When is the deadline to file a Rumpke settlement claim?
The specific claim deadline will be announced after preliminary approval and is typically 90-120 days after notice is mailed. Based on the November 2025 settlement timeline, expect a deadline in early 2026.
What information was stolen in the Rumpke data breach?
The breach exposed Social Security numbers, names, dates of birth, addresses, health insurance information, medical diagnosis and treatment data, driver’s license numbers, and financial account information of nearly 17,000 employees and dependents.
Am I eligible for the Rumpke settlement?
You’re eligible if you were a Rumpke employee or dependent whose information was compromised in the October 2024 breach and you received a breach notification letter in December 2024.
How do I file a claim for the Rumpke settlement?
Visit RCCDataSettlement.com to file online or download a paper claim form. You’ll need your breach notification letter and any documentation of losses you’re claiming.
Should I accept the Rumpke settlement or opt out?
Most people should accept the settlement and file a claim. Only opt out if you suffered significant individual damages like major identity theft losses that exceed what the settlement offers, and you’re willing to pursue your own lawsuit.
When will I receive my Rumpke settlement payment?
Payments will be distributed after the April 16, 2026 final approval hearing and after any appeals are resolved, typically 6-12 months after the claim deadline.
Last Updated: January 14, 2026 — We keep this current with the latest legal developments.
Disclaimer: This article provides information about the Rumpke data breach settlement based on court documents, settlement agreements, and official settlement administrator notices. It is not legal advice, and AllAboutLawyer.com does not provide legal services. If you have specific legal questions about the settlement or your rights, consult a qualified attorney. Information is based on publicly available documents and may change as the case proceeds through final approval.
Take Action Now: Don’t let the claim deadline pass. Visit the official settlement website today to file your claim and protect your share of the settlement fund. If you were affected by this breach, you deserve compensation.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah