Pennsylvania Teachers Union Admits Cyberattack That Hit 500,000 People in July
Personal records of more than a half-million people were compromised in a cyberattack that occurred last July on the Pennsylvania State Education Association. The union acknowledged the data breach this week.
On March 17, the state's largest teachers union sent letters about a security data breach that occurred July 6, 2024. An investigation into the incident, completed Feb. 18, found that sensitive personal information was acquired by an 'unauthorized actor' who accessed files on the union's network, according to the letter.
The letter said people's names were revealed, along with birthdates, user names and passwords, Social Security numbers, payment information, passport numbers, taxpayer identification and bank account numbers, and health insurance and medical information.
Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter
Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter
The union refused to comment on how widespread the attack was, but a data breach tracker maintained by the Maine Attorney General's Office said 517,487 people were affected.
'We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,' the union said in the notification letter.
Related
The Rhysida ransomware gang claimed on its dark web site in September that it had carried out a cyberattack on the union. In 2023 and 2024, the same group claimed data thefts of sensitive documents from school districts in Maryland, Texas, New Jersey and Tennessee.
The union, which represents 178,000 members, said in an email statement that it isn't aware of identity theft connected to the breach.
'As soon as we became aware of this incident, we engaged cybersecurity professionals with expertise in these occurrences,' the union told The 74. 'We are complying with all legal and regulatory requirements, and are providing credit monitoring for eligible individuals who were impacted by this incident.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Boston Globe
an hour ago
- Boston Globe
Scammers are using AI to enroll fake students in online classes, then steal college financial aid
When she checked her student loan servicer account, Brady saw the scammers hadn't stopped there. A loan for over $9,000 had been paid out in her name — but to another person — for coursework at a California college. 'I just can't imagine how many people this is happening to that have no idea,' Brady said. The rise of artificial intelligence and the popularity of online classes have led to an explosion of financial aid fraud. Fake college enrollments have been surging as crime rings deploy 'ghost students' — chatbots that join online classrooms and stay just long enough to collect a financial aid check. Get Starting Point A guide through the most important stories of the morning, delivered Monday through Friday. Enter Email Sign Up In some cases, professors discover almost no one in their class is real. Students get locked out of the classes they need to graduate as bots push courses over their enrollment limits. And victims of identity theft who discover loans fraudulently taken out in their names must go through months of calling colleges, the Federal Student Aid office and loan servicers to try to get the debt erased. Advertisement On Friday, the U.S. Education Department introduced a temporary rule requiring students to show colleges a government-issued ID to prove their identity. It will apply only to first-time applicants for federal student aid for the summer term, affecting some 125,000 borrowers. The agency said it is developing more advanced screening for the fall. Advertisement 'The rate of fraud through stolen identities has reached a level that imperils the federal student aid program,' the department said in its guidance to colleges. Public colleges have lost millions of dollars to fraud An Associated Press analysis of fraud reports obtained through a public records request shows California colleges in 2024 reported 1.2 million fraudulent applications, which resulted in 223,000 suspected fake enrollments. Other states are affected by the same problem, but with 116 community colleges, California is a particularly large target. Criminals stole at least $11.1 million in federal, state and local financial aid from California community colleges last year that could not be recovered, according to the reports. Colleges typically receive a portion of the loans intended for tuition, with the balance going directly to students for other expenses. Community colleges are targeted in part because their lower tuition means larger percentages of grants and loans go to borrowers. Scammers frequently use AI chatbots to carry out the fraud, targeting courses that are online and allow students to watch lectures and complete coursework on their own time. In January, Wayne Chaw started getting emails about a class he never signed up for at De Anza Community College, where he had taken coding classes a decade earlier. Identity thieves had obtained his Social Security number and collected $1,395 in financial aid in his name. The energy management class required students to submit a homework assignment to prove they were real. But someone wrote submissions impersonating Chaw, likely using a chatbot. 'This person is typing as me, saying my first and last name. ... It's very freaky when I saw that,' said Chaw. Advertisement The fraud involved a grant, not loans, so Chaw himself did not lose money. He called the Social Security Administration to report the identity theft, but after five hours on hold, he never got through to a person. As the Trump administration moves to dismantle the Education Department, federal cuts may make it harder to catch criminals and help victims of identity theft. In March, the Trump administration fired more than 300 people from the Federal Student Aid office, and the department's Office of Inspector General, which investigates fraud, has lost more than 20% of its staff through attrition and retirements since October. 'I'm just nervous that I'm going to be stuck with this,' Brady said. 'The agency is going to be so broken down and disintegrated that I won't be able to do anything, and I'm just going to be stuck with those $9,000' in loans. Criminal cases around the country offer a glimpse of the schemes' pervasiveness. In the past year, investigators indicted a man accused of leading a Texas fraud ring that used stolen identities to pursue $1.5 million in student aid. Another person in Texas pleaded guilty to using the names of prison inmates to apply for over $650,000 in student aid at colleges across the South and Southwest. And a person in New York recently pleaded guilty to a $450,000 student aid scam that lasted a decade. Identify fraud victims who never attended college are hit with student debt Brittnee Nelson of Shreveport, Louisiana, was bringing her daughter to day care two years ago when she received a notification that her credit score had dropped 27 points. Advertisement Loans had been taken out in her name for colleges in California and Louisiana, she discovered. She canceled one before it was paid out, but it was too late to stop a loan of over $5,000 for Delgado Community College in New Orleans. Nelson runs her own housecleaning business and didn't go to college. She already was signed up for identity theft protection and carefully monitored her credit. Still, her debt almost went into collections before the loan was put in forbearance. She recently got the loans taken off her record after two years of effort. 'It's like if someone came into your house and robbed you,' she said. The federal government's efforts to verify borrowers' identity could help, she said. 'If they can make these hurdles a little bit harder and have these verifications more provable, I think that's really, really, really going to protect people in the long run,' she said. Delgado spokesperson Barbara Waiters said responsibility for approving loans ultimately lies with federal agencies. 'This is an unfortunate and serious matter, but it is not the direct or indirect result of Delgado's internal processes,' Waiters said. In San Francisco, the loans taken out in Brady's name are in a grace period, but still on the books. That has not been her only challenge. A few months ago, she was laid off from her job and decided to sign up for a class at City College San Francisco to help her career. But all the classes were full. After a few weeks, Brady finally was able to sign up for a class. The professor apologized for the delay in spots opening up: The college has been struggling with fraudulent applications. Advertisement
Yahoo
7 hours ago
- Yahoo
A Brown Student Went Full DOGE Over How His $93,000 Tuition Is Spent. The Fallout Was Predictable—and Wrong.
Sign up for the Slatest to get the most insightful analysis, criticism, and advice out there, delivered to your inbox daily. Brown University sophomore Alex Shieh had a good idea. Inspired by Elon Musk's efforts to reduce supposed staffing inefficiencies in the federal government, Shieh wondered if there were a way to quantify and combat an analogous trend at his university. So with the help of A.I. and a number of publicly available databases, he compiled a list of the university's nearly 4,000 non-faculty employees, grouped them by category, and mocked up working job descriptions for each. Then he wrote emails to all of them, asking them to describe their value to the university. Shieh hoped the project would be the basis for a reporting project that would anchor the first few issues of the Brown Spectator, a defunct conservative student newspaper he and two classmates hoped to relaunch. Shieh's project had the erstwhile DOGE chief's fingerprints all over it, but there's one big difference between the two men: Musk will be able to start drawing on Social Security (if, of course, it's still solvent) in under a decade, while Shieh can't yet legally drink. Shieh's idea, even if it did have roots in our raging national culture wars, was quite ambitious, strong work for a young man with less than half of a degree under his belt. The authorities at Brown, however, didn't see it that way. Upon getting wind of the provocative email blast, they launched a conduct-code investigation and accused Shieh and his partners of trademark violations. And although all charges were eventually dropped, the university's intent was clear: They came to bury Shieh, not to praise him. They couldn't have been more wrong to do so. And it's not just Republicans who think so. I've been teaching sophomores for over a decade and a half, and while Shieh's project is certainly undergraduate work, it's of a particularly high caliber. It is timely, relevant, and enterprising, and it asks a pressing research question. Brown shouldn't have met him with disciplinary threats. Instead, the university should have offered him the best resources an elite institution can provide: academic mentorship and access to top-flight faculty research. If I'd had the opportunity to work with Mr. Shieh, I would have begun by praising him for identifying and focusing on a pressing problem for American higher education in a time of rising tuition costs: administrative bloat. According to a report by the Progressive Policy Institute's Paul Weinstein Jr., non-faculty hiring has exploded over the past 50 years, and today, at the nation's top 50 universities, there is on average 1 non-faculty employee for every 4 students. This trend is particularly acute at Brown, where the ratio nears 1 to 3. But then I would challenge this student to reconsider his methodology—and to research whether Musk's approach is advisable. I would remind him that Musk's efforts to trim the fat at Twitter probably contributed to a giant drop in that company's valuation. And I would add that some experts believe that DOGE's cuts to the federal workforce may actually end up costing taxpayers money. (I would also admit that either initiative might bear fruit in the longer term.) I would then leverage the interdisciplinary connections available at a large research institution, sending Shieh to colleagues in the business school to learn about other approaches to considering and enacting substantial layoffs. If Shieh and his partners persisted, I would have sent them to professors in sociology and communications to figure out best practices for designing a survey that didn't inspire one recipient to respond, 'Fuck off.' (His email, which only garnered 20 responses, allegedly included the too-pert question 'What do you do all day?') If he wanted, in good faith, to get results, he should have recognized that he was operating inside a highly polarized, charged environment, sending a survey to adults who pay their bills with these jobs, and modulated his approach accordingly—something the university's many experts in rhetoric could have helped him see. As a onetime writing instructor, I would also advise him that it is misleading to refer to that profane recipient as an 'administrator [at] Brown' in Congressional testimony, when he is really a relatively low-level functionary in the events planning office. And by the way, I would have done all these things not because I agree with Shieh. Indeed, I don't think I do. Rather, I would have supported him because he had a serious academic question and the drive to think it through as part of an ambitious, time-intensive project. The fact that Brown University responded so aggressively only lends ammunition to those on the right who believe—often correctly—that American academia is hostile to conservative viewpoints. (This despite the fact that, as Shieh himself said, 'It's not inherently conservative to want to make education more affordable.') Now, perhaps Brown would have done some of these things had they been given ample notice of Shieh's plans, or if Shieh had registered the Spectator with the university in advance. As it was, it seems they were blindsided, and ended up reacting, rather than acting. So now, instead of boasting about high-profile conservative-leaning student research, they're trying to put out a political firestorm and opening themselves to attack at a moment when Elon Musk's old boss is gunning for the Ivy Leagues.
Yahoo
7 hours ago
- Yahoo
Hilliard police: Man stole patients' identities working at addiction treatment facility
A Hilliard man is facing several charges after police there say he stole the identities of hundreds of patients who checked into an addiction treatment facility where he was employed. Hilliard police said that the suspect — a 33-year-old man whom The Dispatch is not naming at this time — was employed at Evoke Wellness at Hilliard, an addiction treatment facility located at 5471 Scioto Darby Road. According to police, while the suspect was working at the treatment center, he stole the names, addresses, birthdates, and Social Security numbers of at least 240 people. Many of the victims are in central Ohio, police said, but believe there are more victims nationwide. A spokesperson from Evoke Wellness at Hilliard could not be reached for comment on June 9. Hilliard police detectives said that the suspect sold private information on the dark web to criminals who then used the stolen identities to purchase vehicles, rack up credit card charges for hotels and restaurants, and to purchase cryptocurrency. Hilliard police conducted a traffic stop on the suspect on Oct. 10, 2024, and found him in possession of four fake Ohio driver's licenses, 25 prepaid cards, a loaded handgun, and several cell phones that contained criminal evidence. He was initially charged with identity fraud, forgery, and improper handling of a firearm, police said. On May 9, officers executed a search warrant at the suspect's home. Police did not say what evidence they found at the home, if any. 'This is a disturbing situation of someone taking advantage of individuals while they were seeking rehabilitation during a vulnerable time in their lives,' Hilliard police Chief Michael Woods said in a prepared release. 'We believe there are many more victims in this case and are dedicated to identifying as many as possible before we present this case to prosecutors.' Reporter Shahid Meighan can be reached at smeighan@ at ShahidMeighan on X, and at on Bluesky. This article originally appeared on The Columbus Dispatch: Hilliard man stole identities while working at Evoke Wellness
