Latest news with #TheRhysida
Yahoo
07-04-2025
- Yahoo
Pennsylvania Teachers Union Members Sue After Cyberattack Exposes Personal Data
Members of the Pennsylvania State Education Association have filed multiple class-action lawsuits against the union after a cyberattack compromised the personal information of more than a half-million people. Three union members filed suit in March, just days after the union announced a data breach had occurred on July 6, 2024. A union investigation into the incident, completed Feb. 18, found that an 'unauthorized actor' gained access to records like Social Security numbers, bank account numbers, birthdates and taxpayer identification information. Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter The Rhysida ransomware gang claimed on its dark web site in September that it had carried out the cyberattack. The union refused to comment on how widespread the attack was, but a data breach tracker maintained by the Maine attorney general's office said 517,487 people were affected. Related The suits allege the union failed 'to properly secure and safeguard private information that was entrusted to them' and that those affected — including the relatives of members — will suffer financial losses and lost time detecting and preventing identity theft. Educators must provide personal information to the union to receive its benefits, according to the lawsuits. The plaintiffs also allege that the union waited too long to announce the data breach. Notification letters were sent out on March 17, a month after the union's investigation was finished. 'We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,' the union said in the notification letter. Related The attack occurred on computer systems that needed security upgrades, the lawsuits allege. Two of the plaintiffs have reportedly experienced increased numbers of spam calls and emails. '[The union] failed to properly monitor the computer network and systems that housed the private information,' one lawsuit says. 'Had [the union] properly monitored its computer network and systems, it would have discovered the massive intrusion sooner rather than allowing cybercriminals almost a month of unimpeded access.' The union, which represents 178,000 members, said in a previous statement that it isn't aware of identity theft connected to the breach. It did not respond to a request for comment from The 74 about the lawsuits. The plaintiffs are seeking compensatory damages and want the court to order the union to pay for at least 10 years of credit monitoring services for those affected. Motions were filed in a Pennsylvania district court Tuesday to consolidate the lawsuits into one class-action case.
Yahoo
21-03-2025
- Yahoo
Pennsylvania Teachers Union Admits Cyberattack That Hit 500,000 People in July
Personal records of more than a half-million people were compromised in a cyberattack that occurred last July on the Pennsylvania State Education Association. The union acknowledged the data breach this week. On March 17, the state's largest teachers union sent letters about a security data breach that occurred July 6, 2024. An investigation into the incident, completed Feb. 18, found that sensitive personal information was acquired by an 'unauthorized actor' who accessed files on the union's network, according to the letter. The letter said people's names were revealed, along with birthdates, user names and passwords, Social Security numbers, payment information, passport numbers, taxpayer identification and bank account numbers, and health insurance and medical information. Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter The union refused to comment on how widespread the attack was, but a data breach tracker maintained by the Maine Attorney General's Office said 517,487 people were affected. 'We took steps, to the best of our ability and knowledge, to ensure that the data taken by the unauthorized actor was deleted,' the union said in the notification letter. Related The Rhysida ransomware gang claimed on its dark web site in September that it had carried out a cyberattack on the union. In 2023 and 2024, the same group claimed data thefts of sensitive documents from school districts in Maryland, Texas, New Jersey and Tennessee. The union, which represents 178,000 members, said in an email statement that it isn't aware of identity theft connected to the breach. 'As soon as we became aware of this incident, we engaged cybersecurity professionals with expertise in these occurrences,' the union told The 74. 'We are complying with all legal and regulatory requirements, and are providing credit monitoring for eligible individuals who were impacted by this incident.'
