Pennsylvania Education Association notifies 500K people of data breach claimed by ransomware gang

The Pennsylvania State Education Association this week confirmed it notified 517,487 people of a July 2024 data breach that compromised the following personal info:

  • Names
  • Social Security numbers
  • Account numbers and PINs
  • Security codes
  • Passwords
  • Routing numbers
  • Credit/debit card numbers, PINs, and expiration dates
  • Passport numbers
  • Taxpayer ID numbers
  • Usernames
  • Health insurance info
  • Medical info
  • Dates of birth
  • Driver's license or state-issued ID

Ransomware gang Rhysida claimed responsibility for the breach in September 2024 and gave the PSEA one week to pay 20 bitcoins in ransom, worth about $1.14 million at the time. To prove its claim, the group posted images of what it says are documents stolen from the PSEA.


The PSEA has not verified Rhysida’s claim. We do not know if the PSEA paid a ransom or how attackers breached its network. Comparitech contacted the PSEA for comment and will update this article if it replies.

“PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment,” says the PSEA’s notice to victims. “[…] we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network.”

The PSEA is offering eligible victims 12 months of free credit monitoring through IDX. The deadline to enroll is June 17, 2025.

Who is Rhysida?

Rhysida is thought to have ties to the ransomware group Vice Society and first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems.

Rhysida lists the PSEA on its website.

Rhysida has claimed 82 confirmed ransomware attacks since it began, compromising more than 5.3 million records. Its average ransom demand is $1.08 million.

Rhysida claimed responsibility for several large breaches in recent months. Community Care Alliance notified 115,000 people of a breach in July 2024, and Sunflower Medical Group notified 221,000 people in December 2024. Rhysida claimed both.

Rhysida has claimed two confirmed attacks so far in 2025, on The Agency (UK) and Best Collateral (USA), plus another 15 unconfirmed attacks that haven’t been acknowledged by the targeted organizations.

Ransomware attacks on US education

Ransomware attacks can both steal data and lock down computer systems. Organizations are then forced to either pay a ransom or face extended downtime, data loss, and an increased risk of fraud for data subjects.

In 2024, Comparitech researchers logged 74 confirmed ransomware attacks on the US education sector, 72 of which were against schools and colleges. These attacks compromised more than 3 million records in total. Rhysida’s attack on the PSEA is the third-largest of the year by number of records affected. The largest such attacks in 2024 were on Texas Tech University Health Sciences Center (1.5 million) and Chicago Public Schools (700,000).

In 2025 so far, we are tracking nine confirmed ransomware attacks on US education, plus another 31 unconfirmed claims that haven’t been acknowledged by the targeted organizations.

About the Pennsylvania State Education Association

The Pennsylvania State Education Association is the state’s largest public sector union, representing more than 187,000 teachers and other school staff.