Pierluigi Paganini March 20, 2025

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals.

The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is a labor union representing teachers, education support professionals, and other school employees in Pennsylvania. It advocates for public education, negotiates contracts, and provides professional development for its members. PSEA is affiliated with the National Education Association (NEA).

The incident occurred around July 6, 2024, and exposed people’s personal information. An investigation completed on February 18, 2025, confirmed that threat actors accessed personal information. The company added that it made efforts to ensure the stolen data was deleted, suggesting it has paid a ransom.

“PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment. Through a thorough investigation and extensive review of impacted data which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network.” reads the data breach notification. ” We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted.”

Compromised personal information includes full names in combination with one or more of the following elements: Date of Birth, Driver’s License or State ID, Social Security Number, Account Number, Account PIN, Security Code, Password and Routing Number, Payment Card Number, Payment Card PIN and Payment Card Expiration Date, Passport Number, Taxpayer ID Number, Username and Password, Health Insurance Information and Medical Information.

The company started notifying potentially impacted individuals.

The Pennsylvania State Education Association promptly launched an investigation into the security breach with the help of cybersecurity experts. PSEA also notified law enforcement.

PSEA is updating policies, boosting security, and enhancing monitoring to prevent breaches and strengthen data protection.

“We have no evidence that any of the information has been used for identity theft or to commit financial fraud. Nevertheless, out of an abundance of caution, we want to make the impacted individuals aware of the incident.” continues the notification.

PSEA provided one year of free credit monitoring and identity restoration services to the impacted individuals.

On September 9, 2024, the Rhysida ransomware group claimed responsibility for the security breach. The group added the company to its Tor leak site and demanded 20 Bitcoin-ransom to PSEA.

At this time, PSEA was removed from the gang’s Tor leak site.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pennsylvania State Education Association)