Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter

Personal records of more than a half-million people were compromised in a cyberattack that occurred last July on the Pennsylvania State Education Association. The union acknowledged the data breach this week.

On March 17, the state’s largest teachers union sent letters about a security data breach that occurred July 6, 2024. An investigation into the incident, completed Feb. 18, found that sensitive personal information was acquired by an “unauthorized actor” who accessed files on the union’s network, according to the letter.

The letter said people’s names were revealed, along with birthdates, user names and passwords, Social Security numbers, payment information, passport numbers, taxpayer identification and bank account numbers, and health insurance and medical information.

The union refused to comment on how widespread the attack was, but a data breach tracker maintained by the Maine Attorney General’s Office said 517,487 people were affected.

“We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,” the union said in the notification letter.

The Rhysida ransomware gang claimed on its dark web site in September that it had carried out a cyberattack on the union. In 2023 and 2024, the same group claimed data thefts of sensitive documents from school districts in Maryland, Texas, New Jersey and Tennessee.

The union, which represents 178,000 members, said in an email statement that it isn’t aware of identity theft connected to the breach.

“As soon as we became aware of this incident, we engaged cybersecurity professionals with expertise in these occurrences,” the union told The 74. “We are complying with all legal and regulatory requirements, and are providing credit monitoring for eligible individuals who were impacted by this incident.”

Get stories like these delivered straight to your inbox. Sign up for The 74 Newsletter