Pennsylvania State Education Association Data Breach Impacts 500,000 Individuals
A devastating data breach at the Pennsylvania State Education Association (PSEA) has exposed the personal information of over 500,000 individuals, leaving many wondering how this could have happened and what measures are being taken to prevent similar incidents in the future.
About the PSEA
The PSEA is a labor union that represents teachers, education support professionals, and other school employees in Pennsylvania. It advocates for public education, negotiates contracts, and provides professional development for its members. The organization is affiliated with the National Education Association (NEA) and has a long history of working to improve the lives of educators and students across the state.
The Data Breach
The incident occurred on or about July 6, 2024, and exposed personal information belonging to individuals whose data was contained in certain files on PSEA's network. An investigation completed on February 18, 2025, confirmed that threat actors accessed the personal information.
Compromised Personal Information
The compromised personal information includes full names in combination with one or more of the following elements: Date of Birth, Driver’s License or State ID, Social Security Number, Account Number, Account PIN, Security Code, Password and Routing Number, Payment Card Number, Payment Card PIN and Payment Card Expiration Date, Passport Number, Taxpayer ID Number, Username and Password, Health Insurance Information and Medical Information.
Response and Recovery Efforts
PSEA promptly launched an investigation into the security breach with the help of cybersecurity experts. The organization also notified law enforcement and began notifying potentially impacted individuals. To support those affected, PSEA offered one year of free credit monitoring and identity restoration services.
Ransom Demand and Group Claimed Responsibility
On September 9, 2024, the Rhysida ransomware group claimed responsibility for the security breach and demanded a ransom of 20 Bitcoin from PSEA. However, PSEA was removed from the gang's Tor leak site shortly after.
PSEA’s Response to the Breach
"We have no evidence that any of the information has been used for identity theft or to commit financial fraud," reads the data breach notification. "Nevertheless, out of an abundance of caution, we want to make the impacted individuals aware of the incident." PSEA is updating policies, boosting security, and enhancing monitoring to prevent breaches and strengthen data protection.
Consequences of the Breach
The consequences of this breach are far-reaching. With over 500,000 individuals affected, there is a significant risk of identity theft and financial fraud. PSEA's response to the breach highlights the importance of vigilance in protecting personal data and the need for organizations like PSEA to prioritize cybersecurity.
Prevention and Strengthening Data Protection
PSEA’s efforts to update policies, boost security, and enhance monitoring are a step in the right direction. As the organization continues to work towards preventing similar incidents, it is essential that individuals also take steps to protect their personal data.
What You Can Do
To minimize the risk of identity theft and financial fraud, individuals affected by the PSEA breach should:
- Take advantage of free credit monitoring and identity restoration services offered by PSEA
- Review their financial accounts for suspicious activity
- Monitor their credit reports regularly
- Use strong, unique passwords and enable two-factor authentication
- Keep personal data up to date and accurate
We will continue to monitor the situation and provide updates as more information becomes available.
Stay Informed
If you have any questions or concerns about the PSEA breach, please contact PSEA directly.