The Pennsylvania State Education Association (PSEA) announced a recent data breach impacting the private personal information of 501,183 education professionals, including teachers, support staff, and nurses associated PSEA.

On or about March 17, 2025, PSEA notified individuals that an unauthorized third party gained access to its systems, compromising sensitive personal information. According to PSEA, the breach occurred on July 6, 2024, but PSEA did not notify affected individuals until over eight months later, which may have violated state and federal laws.

Reports indicate that the ransomware group Rhysida claimed responsibility for the attack and has allegedly posted stolen data on the dark web. Rhysida, a known cybercriminal organization, has targeted a wide range of industries in past attacks, often encrypting files and demanding ransom payments for decryption keys.

PSEA recently informed individuals that the following private information may have been stolen in the breach:

• Names
• Dates of birth
• Driver's license or state identification numbers
• Social Security numbers
• Account numbers, account PINs, security codes, and routing numbers
• Payment card numbers, payment card PINs, and payment card expiration dates
• Passport numbers
• Taxpayer identification numbers
• Usernames and passwords
• Health insurance information
• Medical information