Major US teacher's union breach exposed 500k members' to hackers

Last updated: 19 March 2025
PSEA
Image by Cybernews

Over 500,000 members of Pennsylvania's major teacher's union had sensitive personal and financial data stolen in a cyberattack, despite PSEA reassurances.

Malicious actors have targeted the Pennsylvania State Education Association (PSEA), a labor union representing educators across the state.

PSEA identified that the attack occured on July 6th, 2024, when threat actors accessed the association’s internal network.

ADVERTISEMENT

An investigation concluded in February this year, revealing that attackers had accessed the highly sensitive personal data of over half a million individuals.

“As part of our investigation, we have worked closely with external cybersecurity professionals and notified law enforcement of the incident,” the association said.

Among the stolen data were full names in combination with one or more of the following personal data:

  • Date of Birth
  • Driver’s License or State ID
  • Social Security Number
  • Account Number
  • Account PIN
  • Security Code
  • Password
  • Routing Number
  • Payment Card Number
  • Payment Card PIN
  • Payment Card Expiration Date
  • Passport Number
  • Taxpayer ID Number
  • Username
  • Password
  • Health Insurance Information
  • Medical Information

Exposing such data is highly dangerous, as attackers could exploit it or sell it to other criminals on the dark web for illegal purposes such as identity theft, credit card fraud, or setting up fake businesses.Exposed credentials could lead to an account takeover, while the financial data could be used to access bank accounts or make unauthorized transactions.

Despite the highly sensitive nature of the stolen data, PSEA calls to stay calm as they have “no evidence” that any of the stolen information has been used for identity theft or to commit financial fraud.

“We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,” states PSEA in a notice submitted to regulators in Maine.

The Office of the Maine Attorney General states that, in total, 517,487 people were affected by the hack. PSEA has offered affected individuals 12 months of free credit monitoring and identity theft protection services.

ADVERTISEMENT

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of the protected personal information entrusted to us,” PSEA concluded.

vilius Gintaras Radauskas Ernestas Naprys Paulina Okunyte
Don’t miss our latest stories on Google News
Google News Follow us
Share
Post
Share
Share
Share
More from Cybernews
Alien life still a “strong maybe”on K2-18b, after NASA telescope detection
What will happen to Runna after Strava buyout?
ChatGPT users claim their chats have been swapped
YouTuber’s pixelation fail: private video part unmasked in hours
UK hits Google with multi-billion dollar antitrust lawsuit
iPhone AI app leaked user-generated NSFW stories
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked