The Fluke Corporation data breach exposed personal information for 18,517 people during a two-month intrusion that ran from August 10 through October 7, 2025. If you got a notice letter in the last few weeks, you’re one of them. The data taken includes the worst possible combination for identity theft \u2014 Social Security number, date of birth, and in some cases an indicator of self-identified disability status.<\/p>\n
Here’s what actually happened, what your exposure looks like, and what to do in the next few weeks.<\/p>\n
A criminal actor got into Fluke’s network through a vulnerability in a third-party business application Fluke uses. They were inside from August 10, 2025 through October 7, 2025<\/strong> \u2014 about 58 days. Fluke didn’t catch it until later and didn’t notify the people affected until this spring.<\/p>\n Fluke is headquartered right here in Everett. The company makes industrial testing and measurement equipment and has been a fixture on the local employer list for decades. Most of the people getting notice letters are current or former employees, dependents on the company’s benefit plans, or applicants whose information was on file.<\/p>\n According to Fluke’s disclosure, the data accessed includes:<\/p>\n That last category is unusual. Most breach notices stop at SSN and DOB. The disability indicator turns this into a more sensitive disclosure than the usual breach because it’s a health-adjacent data point tied to your name and SSN.<\/p>\n The notice you received probably offered credit monitoring through one of the standard vendors (Experian, Kroll, or similar) for 12 or 24 months. That’s standard practice. It’s also the bare minimum.<\/p>\n Credit monitoring alerts you when a new account is opened in your name or your credit file changes. It’s reactive. It doesn’t prevent anyone from using your SSN. It just tells you after the fact, sometimes weeks after.<\/p>\n For a breach this severe \u2014 SSN, DOB, and a third sensitive data point all combined \u2014 credit monitoring alone isn’t enough. The people who buy stolen data on dark-web markets are patient. They’ll sit on a batch like this for a year or more before using it, specifically because most credit monitoring offers expire at 12 or 24 months. By the time the alerts stop, the data is still active.<\/p>\n What you should do, regardless of whether you decide to pursue a claim:<\/p>\n Freeze your credit at all three bureaus.<\/strong> Equifax, Experian, and TransUnion. It’s free, takes about 15 minutes total online, and it actually blocks new accounts. Unlike monitoring, it’s preventive.<\/p>\n File an IRS Identity Protection PIN.<\/strong> Tax refund fraud is one of the fastest payoffs for someone holding stolen SSNs. The IRS has a free program (Form 15227 or online at IRS.gov) that requires a six-digit PIN to file your return.<\/p>\n Check your Social Security earnings record.<\/strong> Log into SSA.gov and pull your earnings statement. If someone is using your SSN for employment, it shows up here before it shows up anywhere else.<\/p>\n Keep the notice letter.<\/strong> Don’t throw it out. If something happens later, the date you received notice matters for both your damages and the legal deadline.<\/p>\n Washington has a couple of laws that apply to a breach like this.<\/p>\n The Washington Data Breach Notification Act<\/strong> (RCW 19.255) requires companies to notify Washington residents within 30 days of discovering a breach involving SSNs and other personal information. If Fluke missed that deadline \u2014 and the timeline suggests they may have, given the breach window ran through October 2025 \u2014 that’s a violation independent of whatever caused the breach in the first place.<\/p>\n The Washington Consumer Protection Act<\/strong> (RCW 19.86) allows lawsuits for unfair or deceptive business practices that cause injury. Storing sensitive personal data with inadequate security, then failing to disclose the breach promptly, can fit under that statute.<\/p>\n There’s also a negligence theory: Fluke had a duty to protect this data and arguably breached that duty by leaving a third-party application vulnerability open long enough for someone to spend two months inside the network.<\/p>\n What you’d be claiming damages for typically includes:<\/p>\n Class actions are the typical vehicle for breaches this size. With 18,517 people affected, individual lawsuits don’t make economic sense for most claimants. A class action lets one or a small group of plaintiffs pursue the case on behalf of everyone.<\/p>\n Probably not. The breach disclosure went out a few weeks ago and at least one out-of-state firm has already posted advertising specifically targeting Fluke victims. That’s normal \u2014 these cases move fast and firms compete for lead plaintiffs.<\/p>\n A few things worth knowing before you sign anything:<\/p>\n You don’t owe anyone a decision today.<\/strong> Data breach class actions take 18 to 36 months to resolve. There’s no rush in the first week.<\/p>\n Local matters in Washington.<\/strong> If a class action gets filed, it will likely be in federal court in the Western District of Washington (Seattle) given Fluke’s location. A firm with people in the state has logistical advantages.<\/p>\n The fee structure should be straightforward.<\/strong> Class action firms work on contingency \u2014 no fee unless there’s a recovery. Anyone asking for money up front isn’t running a real class action practice.<\/p>\n You’re a “class member,” not necessarily a “named plaintiff.”<\/strong> Most people in these cases don’t need to actively sign up at all. Once a case is certified, you get notice automatically as part of the affected class. Signing up with a firm now mostly matters if you want to be a lead plaintiff or want a specific firm representing your interests.<\/p>\n Russell & Hill is based in Everett, the same town as Fluke. We’ve been watching the Fluke Corporation data breach since the disclosure came out and we’re evaluating the case for clients in Washington and Oregon. If you got a notice letter and want to talk through what your specific exposure looks like \u2014 what was in your particular notice, whether you’ve already seen suspicious activity, what your options are \u2014 call us at 425-212-9165<\/strong>. There’s no charge for the conversation and no obligation to do anything.<\/p>\n Whether you end up working with us, another firm, or no firm at all, freeze your credit this week. That’s the single most important thing you can do, and it doesn’t require a lawyer.<\/p>\n","protected":false},"excerpt":{"rendered":" The Fluke Corporation data breach exposed personal information for 18,517 people during a two-month intrusion that ran from August 10 through October 7, 2025. If you got a notice letter in the last few weeks, you’re one of them. The data taken includes the worst possible combination for identity theft \u2014 Social Security number, date<\/p>","protected":false},"author":16,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[296],"tags":[],"class_list":["post-14590","post","type-post","status-publish","format-standard","hentry","category-class-actions"],"acf":[],"_links":{"self":[{"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/posts\/14590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/comments?post=14590"}],"version-history":[{"count":0,"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/posts\/14590\/revisions"}],"wp:attachment":[{"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/media?parent=14590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/categories?post=14590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/russellandhill.com\/es\/wp-json\/wp\/v2\/tags?post=14590"}],"curies":[{"name":"gracias","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}What was actually exposed<\/h2>\n
\n
What credit monitoring actually does \u2014 and doesn’t do<\/h2>\n
What kind of claim do people in this situation have<\/h2>\n
\n
Should you sign up with the first firm that contacts you<\/h2>\n
What we’re doing about it<\/h2>\n