The Pennsylvania State Education Association (PSEA) suffered a major data breach, compromising the personal information of more than 500,000 teachers, retirees, and school staff. The attack, claimed by the Rhysida ransomware group, was discovered on July 6, 2024, yet PSEA did not notify affected individuals until March 2025—nearly eight months later.
Hackers accessed highly sensitive data, including:
- Social Security numbers
- Bank and credit card details, including PINs and passwords
- Driver’s license information
- Health insurance and medical records
After detecting the breach, PSEA hired third-party cybersecurity experts to investigate. Their review, completed on February 18, 2025, confirmed that personal and financial information had been compromised. PSEA then filed a notice with the Maine Attorney General’s Office on March 18, 2025, and began notifying impacted individuals. Reports indicate that the hackers demanded 20 Bitcoin (approximately $1.1 million at the time), though it remains unclear if PSEA paid the ransom.
As KEYTA’s membership grows, many of you may have previously been union members—meaning PSEA could still have your data on file, as unions often retain sensitive member information for political outreach and organizing. Given the scale of this data breach, we want to ensure our members are aware.
If you were a past union member, we encourage you to monitor your personal and financial accounts for any suspicious activity.
At KEYTA, we take your privacy seriously. We collect only the necessary information to serve our members and implement strict security measures to protect your data.
