- PSEA issues a data violation notification letter to more than 500,000 people
- Warned about a data violation that occurred in July 2024
- The violation of personal, financial and health information data exposed
A violation of data in the Association of Education of the State of Pennsylvania (PSEA) has potentially exposed more than half a million people to identity theft, phishing or fraud to the cable.
The Pensylvania Public Sector Union has sent a data violation notification letter to 517,487 individuals, to warn them about a cybersecurity incident that occurred in July 2024.
PSEA is a union and a professional organization that represents public school educators, higher education professors, school staff and retired educators in Pennsylvania. It has thousands of members and plays a crucial role in the negotiation of contracts, pressing the financing of education and providing professional development. The association also focuses on student -centered policies, promoting safe and effective learning environments.
Rhysida strikes
“PSEA experienced a security incident around July 6, 2024 that hit our network environment,” he says on the notification letter.
“Through an exhaustive investigation and an extensive review of the impacted data that were completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained certain personal information that belonged to people whose information was contained within certain files within our network.”
While the type of stolen information varies from one person to another, mainly contains personal, financial and health data.
People’s names, driver’s license numbers, state identifications, social security numbers, PIN numbers, security codes, payment card information, passport information, taxpayer identification numbers, credentials, health insurance and medical information were exposed to some extent.
While the organization did not discuss threat actors, Bleepingcomputer He discovered that the ransomware group called Rhysida attributed the responsibility of the attack in early September 2024.
Apparently, the organization demanded 20 BTC that, at that time, was equivalent to approximately $ 1.1 million. It is unknown if PSEA paid the rescue demand or not, but the publication establishes that the entrance was subsequently eliminated from the dark website escape.
Through Bleepingcomer
