Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now

(Image credit: Shutterstock)

Even if you practice perfect cyber hygiene, you can still wake up to find yourself amid a major security crisis resulting from a data breach, and that’s exactly what happened to half a million teachers.

As reported by The Record, over 500,000 teachers and other employees who work in education across Pennsylvania’s public schools had their sensitive personal and financial data stolen by hackers. This happened after the Pennsylvania State Education Association (PSEA) fell victim to a security incident last summer.

In a data breach notice on its site, PSEA explains that the attack occurred on July 6, 2024. Following the incident, the teachers union informed law enforcement and investigated the matter.

Personal and financial data exposed

A hacker typing quickly on a keyboard — (Image credit: Shutterstock)

In its notice, PSEA lists all of the stolen data, which includes the full names of those impacted along with one or more of the following items:

Date of Birth
Driver’s License or State ID
Social Security Number
Account Number
Account PIN
Security Code
Password
Routing Number
Payment Card Number
Payment Card PIN
Payment Card Expiration Date
Passport Number
Taxpayer ID Number
Username
Password
Health Insurance Information
Medical Information

As you can see from the list above, a hacker could exploit this stolen data for all sorts of nefarious purposes. From launching phishing attacks to taking over accounts to committing fraud or even identity theft, the fallout from this breach for impacted individuals could be massive.

How to stay safe and what to do now

Victims of Identity Theft — (Image credit: Antonio Guillem/Shutterstock)

If you’re a PSEA member, chances are this data breach will likely impact you. Fortunately, the organization is taking steps to rectify this situation by providing free access to one of the best identity theft protection services for 12 months through IDX.

You can find all of the necessary enrollment info at the bottom of PSEA’s data breach notification page, but to save you some time, you can sign up online at https://app.idx.us/account-creation/protect or call IDX directly at 1-877-720-5373.

Even though I was not personally affected, I did call the number for more info and had to verify my name and address to see if the breach impacted me.

The privacy and security of the protected personal information entrusted to us is of the utmost importance to PSEA.
PESA breach notice

In addition to visiting the website above or calling the phone number, impacted individuals will likely receive a data breach notification letter in the mail. It should have even more information, including a code to gain access to IDX’s credit and identity monitoring. However, it’s worth noting that those affected by this breach have until June 17 to enroll.

Besides taking advantage of this offer, there are also some steps you can personally take to avoid falling victim to any attacks resulting from this breach. You’ll want to be very careful online going forward.

Be on the lookout for suspicious emails, text messages and phone calls, and if any of these contain links, avoid clicking on them as they could lead to malicious sites.

The same goes for any attachments, as downloading them could infect your devices with malware. Likewise, you should also be using the best antivirus software on your Windows PC, the best Mac antivirus software on your Apple computer or one of the best Android antivirus apps on your smartphone to help keep you safe in case you accidentally download anything dangerous.

As I have family members who are teachers in Pennsylvania, I’ll be keeping a close eye on this data breach. I will update this story if I learn anything else about the attack that led to it.

More from Tom's Guide

See more Computing News

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.