PSEA Data Breach Impacts 517,487 Individuals

On February 18, 2025, Pennsylvania State Education Association (PSEA) discovered a massive data breach impacting approximately 517,487 people in the United States. The breach originated from a ransomware attack executed by the hacking group known as RHYSIDA.

The attackers gained unauthorized access to PSEA's network environment around July 6, 2024, and acquired sensitive personal data stored within certain files on the organization's systems.

PSEA confirmed that the unauthorized actor accessed and acquired various types of sensitive consumer information.

While not every impacted individual had all data elements exposed, the compromised information potentially includes PII and PHI like names, dates of birth, social security numbers, and medical information.

The RHYSIDA ransomware group publicly claimed responsibility for the attack, threatening to publish the stolen data on the dark web within 6-7 days unless demands were met.

PSEA reported the breach to the Maine Attorney General's office on March 19, 2025. According to the disclosure on the Maine Attorney General's website, 77 residents of Maine and 181 of Massachusetts were affected by this breach.

PSEA's response

Following discovery of the breach, PSEA engaged external cybersecurity professionals to investigate and respond to the incident. The organization also notified law enforcement authorities and took immediate steps to secure its network environment. Additionally, PSEA worked to ensure, to the best of its ability, that the data taken by the unauthorized actor was deleted.

PSEA is currently reviewing and enhancing its existing policies, training protocols, security measures, and monitoring tools to prevent similar incidents in the future.

To assist those impacted, PSEA is providing complimentary credit monitoring and identity restoration services through IDX to individuals whose Social Security numbers were exposed. Impacted individuals can enroll in these services by calling IDX at 1-877-720-5373 or by visiting the IDX enrollment page. The deadline to enroll is June 17, 2025.

PSEA recommends that affected individuals remain vigilant by regularly reviewing their financial account statements and credit reports for any signs of suspicious activity. Additionally, impacted individuals can take precautionary measures such as placing a fraud alert or security freeze on their credit files and obtaining a free annual credit report.

For further details and guidance, impacted individuals can contact PSEA's dedicated response line at 1-877-720-5373, available Monday through Friday from 9 am to 9 pm Eastern Time.