- PSEA issues a letter of notification of data violation to more than 500,000 people
- He warned against a data violation which occurred in July 2024
- Data violation has exposed personal, financial and health information
A data violation at the Pennsylvania State Education Association (PSEA) has potentially exposed more than half a million people to identity, phishing or wire fraud.
The Pennsylvania Public Sector Union sent a letter of data violation to 517,487 people, to warn them of a cybersecurity incident which occurred in July 2024.
PSEA is a union and professional organization representing public school educators, higher education teachers, school staff and retired educators at Pennsylvania. He has thousands of members and plays a crucial role in contracting contracts, lobbying for financing education and the supply of professional development. The association also focuses on students centered on students, promoting safe and effective learning environments.
Rhysida Strikes
“The PSEA experienced a security incident on July 6, 2024 towards this date which had an impact on our network environment,” he said in the notification letter.
“Thanks to an in -depth survey and an in -depth review of the affected data which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained personal information belonging to individuals whose information was contained in certain files of our network.”
Although the type of stolen information varies from person to person, it mainly contains personal, financial and health data.
The names of the people, the driving license numbers, the status IDs, the social security numbers, the spindle numbers, the security codes, the information on the payment card, the information on passports, the taxpayer identification numbers, the health insurance information and the medical information has all been exposed to a certain extent.
Although the organization has not discussed threat actors, Bleeping Compompute noted that the Ransomware group called Rhysida claimed the responsibility of the attack in early September 2024.
Apparently, the organization demanded 20 BTC, which, at the time, was equal to around 1.1 million dollars. It is not known whether the PSEA paid for ransom or not, but the publication indicates that the entry was then deleted from the Dark web leak site.
Via Bleeping Compompute
