A major cyberattack targeted the Pennsylvania State Education Association (PSEA), compromising the personal data of more than 500,000 individuals. The breach occurred in July 2024 but only came to light after a lengthy investigation that concluded in February 2025.
PSEA represents over 178,000 educators, including teachers, administrators, and support staff across Pennsylvania. In letters sent to 517,487 people, the organization confirmed that attackers gained access to sensitive files within its systems.
Stolen Data Includes Financial and Health Information
The stolen data varied for each person. In many cases, it included highly sensitive information. This data involved Social Security numbers, driver’s licenses, passport details, tax IDs, account PINs, payment card data, and health insurance records. Some users may also find their login credentials were taken.
To help protect those affected, PSEA is offering free identity restoration and credit monitoring through IDX. This offer applies to anyone whose Social Security number was exposed. Affected users must enroll by June 17, 2025. The union also urges individuals to monitor their bank statements and credit reports. It recommends placing fraud alerts or credit freezes to prevent identity theft.
Rhysida Ransomware Group Behind the Attack
While PSEA did not name the attackers, the Rhysida ransomware gang took responsibility for the breach. On September 9, 2024, the group demanded a ransom of 20 Bitcoin. They threatened to leak the data unless paid. Though PSEA hasn’t confirmed any payment, Rhysida later removed the data listing from its dark web leak site.
Rhysida operates as a ransomware-as-a-service (RaaS). The group has carried out high-profile attacks since 2023. Past targets include the British Library, Chilean military, and Sony’s Insomniac Games. In each case, Rhysida used stolen data as leverage to extort millions.
Rhysida’s Growing Impact on Public Institutions
Rhysida’s reach continues to grow. In February 2024, the group attacked Lurie Children’s Hospital in Chicago. They demanded 60 Bitcoin in exchange for patient data. In another case, nearly 900,000 records were stolen from Singing River Health System. The City of Columbus also reported a breach in July 2024, affecting half a million people.
Federal agencies like CISA and the FBI have warned about Rhysida’s increasing activity. The U.S. Department of Health and Human Services also connected the group to multiple healthcare-related attacks. These warnings highlight the urgent need for organizations to strengthen their cybersecurity defenses.
