Data breach at Pennsylvania education union potentially exposes 500,000 victims

News
By published

Pennsylvania State Education Association suffered a ransomware attack in 2024

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)
  • PSEA issues data breach notification letter to more than 500,000 individuals
  • It warned about a data breach that happened in July 2024
  • The data breach exposed personal, financial, and health information

A data breach at the Pennsylvania State Education Association (PSEA) has potentially exposed more than half a million people to identity theft, phishing, or wire fraud.

The Pennsylvania public sector union has sent a data breach notification letter to 517,487 individuals, to warn them about a cybersecurity incident that happened in July 2024.

PSEA is a labor union and professional organization representing public school educators, higher education faculty, school staff, and retired educators across Pennsylvania. It has thousands of members, and plays a crucial role in negotiating contracts, lobbying for education funding, and providing professional development. The association also focuses on student-centered policies, promoting safe and effective learning environments.

Rhysida strikes

"PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment," it says in the notification letter.

"Through a thorough investigation and extensive review of impacted data which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network."

While the type of information stolen varies from person to person, it mostly contains personal, financial, and health data.

People’s names, driver’s license numbers, state IDs, Social Security numbers, PIN numbers, security codes, payment card information, passport information, taxpayer ID numbers, credentials, health insurance and medical information were all exposed in some measure.

While the organization did not discuss the threat actors, BleepingComputer found that the ransomware group called Rhysida claimed responsibility for the attack in early September 2024.

Apparently, the organization demanded 20 BTC which, at the time, equaled approximately $1.1 million. It is unknown if PSEA paid the ransom demand or not, but the publication states that the entry was subsequently removed from the dark web leak site.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
How to prevent cyberattacks
PowerSchool breach worse than thought, company says "all" student and teacher data accessed
A digital representation of a lock
PowerSchool hit by cyberattack which saw student and teacher data stolen
healthcare
Top US health provider tells 882,000 patients they were hit in August 2023 breach
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
security
PowerSchool hack keeps getting worse - 62 million students now thought to be affected
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
Latest in Security
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
Trojan
WhatsApp patches security flaw which let hackers install spyware
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
Latest in News
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Boston Dynamics all electric Altas
This robot can do a cartwheel better than me and now I'm freaking out – but in a good way
A image of Saros character Arjun
Housemarque’s boss is surprisingly positive about Sony’s acquisition – and it’s good news for Saros
Oura Ring 4
One of Apple's top health execs is ditching the company for Oura, and I've never been more convinced smart rings are the future
Nvidia logo
Nvidia RTX 5060 Ti could be delayed to mid-April and RTX 5060 to mid-May – is AMD starting to look like a clear winner in the battle of Blackwell vs RDNA 4 GPUs?
The A Minecraft Movie Meal from McDonald's.
McDonald's reveals A Minecraft Movie meal with a bizarre set of collectibles and the most sinister sounding sauce ever
More about security
Trojan

WhatsApp patches security flaw which let hackers install spyware
WordPress on a laptop

Over 20,000 WordPress sites hit by damaging malware campaign
Samsung Galaxy Tab S9 FE Plus on a desk showing the rear of the device from above

The Samsung Galaxy Tab S10 FE could be a powerful iPad Air rival, based on the latest specs rumors
See more latest
Most Popular
Samsung Galaxy Tab S9 FE Plus on a desk showing the rear of the device from above
The Samsung Galaxy Tab S10 FE could be a powerful iPad Air rival, based on the latest specs rumors
Trojan
WhatsApp patches security flaw which let hackers install spyware
God of War 20th anniversary vinyl box set.
The God of War 20th anniversary vinyl box set features 13 discs and 150 remastered songs
Boston Dynamics all electric Altas
This robot can do a cartwheel better than me and now I'm freaking out – but in a good way
A image of Saros character Arjun
Housemarque’s boss is surprisingly positive about Sony’s acquisition – and it’s good news for Saros
Oura Ring 4
One of Apple's top health execs is ditching the company for Oura, and I've never been more convinced smart rings are the future
The A Minecraft Movie Meal from McDonald's.
McDonald's reveals A Minecraft Movie meal with a bizarre set of collectibles and the most sinister sounding sauce ever
Apple iPhone 16e REVIEW
The iPhone 16e’s 5G performance seemingly has the iPhone 16’s beat
Assassin's Creed Shadows
I was already sold on Assassin's Creed Shadows on PS5 Pro, but now the devs are teasing that the game will soon get a boost from PSSR
Smeg kettle and toaster in Jade Green on kitchen counter with spiced tea
Smeg's color of the year is like a Venetian canal winding through your kitchen, and it's making me want to hop in a gondola