TZUTC: -0500   
   MSGID: 566.consprcy@1:2320/105 2c42bff4   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Data breach at Pennsylvania education union potentially exposes 500,000   
   victims   
      
   Date:   
   Thu, 20 Mar 2025 14:35:55 +0000   
      
   Description:   
   The Pennsylvania State Education Association suffered a ransomware attack in   
   2024 which exposed sensitive user data on thousands.   
      
   FULL STORY   
      
   A data breach at the Pennsylvania State Education Association (PSEA) has   
   potentially exposed more than half a million people to identity theft,   
   phishing, or wire fraud.    
      
   The Pennsylvania public sector union has sent a data breach notification   
   letter to 517,487 individuals, to warn them about a cybersecurity incident   
   that happened in July 2024.    
      
   PSEA is a labor union and professional organization representing public    
   school educators, higher education faculty, school staff, and retired   
   educators across Pennsylvania. It has thousands of members, and plays a   
   crucial role in negotiating contracts, lobbying for education funding, and   
   providing professional development. The association also focuses on   
   student-centered policies, promoting safe and effective learning    
   environments.   
      
   Rhysida strikes    
      
   "PSEA experienced a security incident on or about July 6, 2024 that impacted   
   our network environment," it says in the notification letter.    
      
   "Through a thorough investigation and extensive review of impacted data which   
   was completed on February 18, 2025, we determined that the data acquired by   
   the unauthorized actor contained some personal information belonging to   
   individuals whose information was contained within certain files within our   
   network."    
      
   While the type of information stolen varies from person to person, it mostly   
   contains personal, financial, and health data.    
      
   Peoples names, drivers license numbers, state IDs, Social Security numbers,   
   PIN numbers, security codes, payment card information, passport information,   
   taxpayer ID numbers, credentials, health insurance and medical information   
   were all exposed in some measure.    
      
   While the organization did not discuss the threat actors, BleepingComputer   
   found that the ransomware group called Rhysida claimed responsibility for the   
   attack in early September 2024.    
      
   Apparently, the organization demanded 20 BTC which, at the time, equaled   
   approximately $1.1 million. It is unknown if PSEA paid the ransom demand or   
   not, but the publication states that the entry was subsequently removed from   
   the dark web leak site.    
      
   Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/data-breach-at-pennsylvania-education-u   
   nion-potentially-exposes-500-000-victims   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426