The Pennsylvania State Education Association (PSEA) is notifying over 500,000 people that their personal information was stolen in a July 2024 data breach.
In a data breach notice on its website, the teachers’ union has revealed that the security incident occurred around July 6 and impacted its network environment, and that the attackers stole certain data from its systems.
On February 18, 2025, PSEA determined that the stolen files contained personal information, and this week it started sending written notifications to the potentially affected individuals.
According to the union, the compromised personal information included names, dates of birth, driver’s license and state ID details, passport numbers, Social Security numbers, account information, usernames and passwords, payment card information, taxpayer ID numbers, and health insurance and medical information.
“We have no evidence that any of the information has been used for identity theft or to commit financial fraud. Nevertheless, out of an abundance of caution, we want to make the impacted individuals aware of the incident,” the union said.
This week, PSEA informed the Maine Attorney General’s Office that 517,487 individuals were impacted by the data breach and that it was providing them with one year of free credit monitoring and identity restoration services.
PSEA did not share details on the type of cyberattack it fell victim to, but said that it took steps “to ensure that the data taken by the unauthorized actor was deleted”, which suggests that it was targeted in a ransomware attack and that a ransom was paid.
In fact, the Rhysida ransomware gang claimed responsibility for the attack in September 2024, by adding PSEA to its Tor-based leak site and announcing that it would auction the allegedly stolen data if the union did not pay a ransom. The group was asking 20 Bitcoin for the information allegedly stolen from PSEA.
However, it is unclear how much PSEA might have paid. SecurityWeek has emailed the union for additional information on the matter and will update this article if a reply arrives.
Related: Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach
Related: Western Alliance Bank Discloses Data Breach Linked to Cleo Hack
Related: New York Sues Insurance Giant Over Data Breaches
Related: 18,000 Organizations Impacted by NTT Com Data Breach
