- The CTO vs. CMO AI power struggle - who should really be in charge?
- I found an Android phone that can convince iPhone users to make the switch - and it's not a flagship
- Finally, Bluetooth trackers for Android users that function better than AirTags (and they're on sale)
- The 8TB T5 Evo SSD is back in stock and over $150 off at Samsung
- The 40+ best early Amazon Spring Sale TV deals 2025: Save over $2,000
Over Half a Million Hit by Pennsylvania Schools Union Breach
More than half a million current and former members of the Pennsylvania State Education Association (PSEA) have received breach notifications following a major incident last year.
According to a posting on the website of the Office of the Maine Attorney General, a total of 517,487 individuals were impacted by the data breach, which occurred on July 6 2024.
The PSEA finally completed its investigation into the incident on February 18 this year, determining that an unauthorized threat actor had “acquired” personal information belonging to its members.
“We want to stress that not all data elements were acquired for every impacted individual,” it said in the notification letter.
“However, the impacted data may include an individual’s full name in combination with one or more of the following elements: date of birth, driver’s license or state ID, social security number, account number, account PIN, security code, password and routing number, payment card number, payment card PIN and payment card expiration date, passport number, taxpayer ID number, username and password, health insurance information and medical information.”
Read more on ransomware breaches: Only a Fifth of Ransomware Attacks Now Encrypt Data
Although no details were shared in the notification, it’s believed that the Rhysida ransomware-as-a-service gang was responsible.
“We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,” the PSEA said, implying that it paid a ransom.
“We have no evidence that any of the information has been used for identity theft or to commit financial fraud.”
However, monetization of the data is still possible. The long list of sensitive information exposed in the breach could give threat actors a treasure trove of data to exploit in payment, insurance and tax fraud, or to use in phishing attacks designed to elicit further details.
“Situations like this are a reminder that making a ransomware payment does not guarantee a positive outcome. Doing so may further enable cybercriminals to profit and advance their operations and campaigns, and may further incentivize future attacks,” argued AttackIQ engineering manager, Andrew Costis.
“To best defend against attacks like this, it is critical for all organizations that manage sensitive information to rigorously test their security controls. By validating their defenses against attackers’ known tactics, techniques and procedures (TTPs), security teams can proactively assess their security posture and identify any weaknesses.”
As the state’s largest union for the education sector, the PSEA claims to represent over 180,000 educators and support staff in Pennsylvania.
