PSEA data breach potentially impacts half a million people

The Pennsylvania State Education Association (PSEA) notified almost 500,000 people that their personal information was stolen in a July 2024 data breach.

The company affected by this security breach is Pennsylvania’s largest public-sector organisation, and it represents more than 178,000 education professionals, including teachers, support workers, higher education personnel, nurses, retired educators, and future teachers.

According to the breach notification letters addressed to approximately 517,000 individuals, the organisation encountered a security issue on or around July 6, 2024, which impacted its network environment.

Following a thorough investigation and extensive review of impacted data, which was completed on February 18, 2025, the union determined that the data acquired by the unauthorised actor contained some personal information belonging to individuals whose information was contained within specific files on its network.

Moreover, academic institutions have stated that the stolen information varies by individual. Still, the confirmed data in the compromised dataset includes driver’s licenses or state IDs, SSNs, account PINs, security codes, payment card information, passport information, taxpayer ID numbers, credentials, health insurance information, and medical records.

Conversely, individuals whose Social Security numbers were impacted can enrol in the union’s free credit monitoring and identity protection by June 17, 2025.

It also encouraged people affected to monitor their financial statements and credit reports for any strange activity, request a free credit report, and place a fraud alert and/or security freeze on their credit files.

 

Rhysida ransomware operators claim responsibility for the attack on PSEA.

 

While PSEA did not reveal a specific threat actor that conducted the data breach attack, the Rhysida ransomware gang claimed the intrusion on September 9, 2024.

The cybercrime group demanded a ransom of 20 BTC and threatened to leak the stolen material if it was not paid.

While PSEA declined to say whether it paid to prevent the data breach, the ransomware group has removed the entry from their dark web leak site.

Rhysida affiliates are behind several opportunistic attacks against organisations in various industries, especially healthcare organisations. Therefore, US-based organisations should bolster their defences as they are the primary target of this notorious ransomware group.

PSEA-related parties should follow the advice of law enforcement agencies to avoid further compromises that the impacted data could cause.