Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pennsylvania State Education Association data breach impacts 500,000 individuals

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals. The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is a labor union representing teachers, education support professionals, and other school employees in Pennsylvania. It advocates for public education, negotiates contracts, and […]

Xsolis

A data breach at the Pennsylvania State Education Association exposed the personal information of over 500,000 individuals.

The Pennsylvania State Education Association (PSEA) suffered a data breach that impacted 517,487 individuals. PSEA is a labor union representing teachers, education support professionals, and other school employees in Pennsylvania. It advocates for public education, negotiates contracts, and provides professional development for its members. PSEA is affiliated with the National Education Association (NEA).

The incident occurred around July 6, 2024, and exposed people’s personal information. An investigation completed on February 18, 2025, confirmed that threat actors accessed personal information. The company added that it made efforts to ensure the stolen data was deleted, suggesting it has paid a ransom.

“PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment. Through a thorough investigation and extensive review of impacted data which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network.” reads the data breach notification. ” We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted.”

Compromised personal information includes full names in combination with one or more of the following elements: Date of Birth, Driver’s License or State ID, Social Security Number, Account Number, Account PIN, Security Code, Password and Routing Number, Payment Card Number, Payment Card PIN and Payment Card Expiration Date, Passport Number, Taxpayer ID Number, Username and Password, Health Insurance Information and Medical Information.

The company started notifying potentially impacted individuals.

The Pennsylvania State Education Association promptly launched an investigation into the security breach with the help of cybersecurity experts. PSEA also notified law enforcement.

PSEA is updating policies, boosting security, and enhancing monitoring to prevent breaches and strengthen data protection.

“We have no evidence that any of the information has been used for identity theft or to commit financial fraud. Nevertheless, out of an abundance of caution, we want to make the impacted individuals aware of the incident.” continues the notification.

PSEA provided one year of free credit monitoring and identity restoration services to the impacted individuals.

On September 9, 2024, the Rhysida ransomware group claimed responsibility for the security breach. The group added the company to its Tor leak site and demanded 20 Bitcoin-ransom to PSEA.

At this time, PSEA was removed from the gang’s Tor leak site.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pennsylvania State Education Association)