The Pennsylvania State Education Association (PSEA) recently disclosed that threat actors stole the personal data of over 500,000 people in a data breach.
PSEA discloses significant data breach
A cybersecurity incident exposed the personal data of more than half a million individuals associated with the PSEA to threat actors.
The Pennsylvania State Education Association, counting over 187,000 teachers, counselors, healthcare workers, educational support professionals, educators, students, and other education professionals, is the state’s largest community of education professionals.
Breach notification reaches over 500,000 individuals
After learning of the incident, which occurred around July 6 last year, the PSEA sent breach notification letters to all 517,487 impacted individuals.
“Through a thorough investigation and extensive review of impacted data which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network,” reads PSEA’s notice.
Multiple types of sensitive information stolen
According to the PSEA, threat actors exfiltrated several types of sensitive information, including:
- Personal data
- Financial information
- Health-related information
- Driver’s license
- State IDs
- Account personal identification numbers (PINs)
- Taxpayer ID numbers
- Social Security numbers (SSNs)
- Security codes
- Passport information
- Payment card information
- Health insurance data
- Medical information
- Account credentials
In response to the data breach, the PSEA offered complimentary identity theft protection and credit monitoring services to individuals whose SSNs were exposed to attackers.
The association recommends everybody affected to keep a close eye on their credit reports and account statements for suspicious activity.
Rhysida ransomware claimed the attack last year
Although the PSEA hasn’t disclosed the identity of the perpetrators, the infamous Rhysida ransomware group claimed the attack on Sept 9, 2024.
The cybercrime syndicate threatened to leak stolen data if the association failed to pay a ransom of 20 BTC (approximately $1.12 million at the time).
While the PSEA didn’t say whether it gave in to Rhysida’s extortion, the stolen data trove was removed from the threat actors’ dedicated leak website on the Dark Web.
The importance of being prepared for data breaches
Data breaches strike indiscriminately, regardless of how well-prepared companies or their customers are.
Dedicated software like Bitdefender Digital Identity Protection can help you prepare for data breaches and other security incidents where your data may be exposed to threat actors.
It allows you to access an overview of your online data, constantly monitors the public and the Dark Web, immediately alerts you if you have been compromised in a breach, and instantly patches weak spots in your digital footprint.