Pennsylvania education union data breach affects over 500K people
Learn More
The Pennsylvania State Education Association (PSEA), Pennsylvania's largest public-sector union representing over 178,000 education professionals, is reporting a data breach that occurred on July 6, 2024.
The Rhysida ransomware gang publicly claimed responsibility for the breach and demanded a ransom of 20 Bitcoin.
After a lengthty investigation completed on February 18, 2025, PSEA confirmed that unauthorized actors had accessed and acquired sensitive personal information from its network, impacting 517,487 individuals. The compromised data included:
- Full names
- Dates of birth
- Driver's license numbers and state IDs
- Social Security numbers
- Account numbers, PINs, and security codes
- Routing numbers
- Payment card information including numbers, PINs, and expiration dates
- Passport information
- Taxpayer ID numbers
- Usernames and passwords/credentials
- Health insurance information
- Medical information
PSEA stated they "took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted," suggesting some form of negotiation and payment have occurred. Rhysida gang removed the PSEA entry from their dark web leak site. PSEA has not explicitly confirmed whether they paid the ransom.
PSEA is offering free IDX credit monitoring and identity restoration services to individuals whose Social Security numbers were compromised, provided they enroll by June 17, 2025. The union claims they have no evidence that any of the compromised information had been used for identity theft or financial fraud.
