The Pennsylvania Education Association (PSEA), a labor union representing educators across the state, says hackers have stole sensitive personal information from more than half a million members.
PSEA is the largest organization for Pennsylvania educators representing current and former teachers, counselors, healthcare workers and school social workers.
In a filing Tuesday with the Maine Attorney General, PSEA said it had experienced a cyberattack in July 2024.
Stolen data contains highly sensitive personal information, including member government-issued identification documents, Social Security numbers, passport numbers, medical information, financial information including card numbers, and related pins and expiration dates.
PSEA said that the member's account number, pins, passwords and security codes were also accessed during the violation, according to a letter sent to the affected individual.
“I would like to emphasize that not all data elements were obtained for all affected individuals,” PSEA told members affected by the letter.
PSEA also stated that “using the fullest use of our capabilities and knowledge, we took steps to ensure that data taken by unauthorized actors have been deleted,” meaning that PSEA was the target of ransomware or data extortion attacks, and then paid the person responsible for the ransom demand.
Paying for ransom demand is not a guarantee that a malicious hacker has deleted the stolen data. Last year's infamous Rock Bit ransomware takedown gang unraveled evidence that gang hackers still hold ream data belonging to victims who paid ransom demand.
PSEA did not respond to TechCrunch questions.