Teachers Union Data Breach: 500,000 Members Affected

Data Breach at Pennsylvania State Education Association

The Pennsylvania State Education Association (PSEA), the union representing educators throughout Pennsylvania, has reported a significant data breach. Hackers successfully compromised the security of member information.

Details of the Incident

PSEA, the largest educators' organization in the state, represents a diverse group of professionals. This includes current and retired teachers, counselors, healthcare staff, and school social workers.

A cyberattack occurred in July 2024, resulting in unauthorized access to the PSEA network. This access allowed malicious actors to steal data pertaining to over 517,000 individuals, as disclosed in a filing with Maine’s attorney general.

Types of Data Compromised

The data stolen during the breach was highly sensitive in nature. It encompassed government-issued identification, Social Security numbers, and passport details.

Furthermore, the compromised data included medical records and financial information. This financial data contained credit and debit card numbers, alongside their corresponding PINs and expiration dates.

Account numbers, PINs, passwords, and security codes were also accessed by the perpetrators, as communicated in a notification letter to those affected.

Scope of the Breach

It’s important to note that not every individual experienced the compromise of all data elements. The extent of data exposure varied among impacted members, according to PSEA.

Potential Ransomware Involvement

PSEA stated they took measures to attempt the deletion of the stolen data by the unauthorized party. This suggests a possible ransomware or data extortion scenario, potentially involving a ransom payment.

However, paying a ransom does not guarantee data deletion. Evidence from the LockBit ransomware gang’s takedown last year revealed that stolen data was often retained even after ransom payments were made.

Lack of Response

PSEA has not yet responded to inquiries from TechCrunch regarding this incident.

The incident underscores the increasing threat of cyberattacks targeting organizations holding sensitive personal data. Protecting member information remains a critical priority for the PSEA.