Woods Lonergan PLLC Announces Investigation into PSEA (PA Teachers Union) Data Breach for Potential Class Action

By James Woods
Managing Partner
psea data breach

NEW YORK, NY – [March 21, 2025] – Woods Lonergan PLLC, a leading complex litigation firm specializing in class action data breach lawsuits and data privacy litigation, is actively investigating a potential class action lawsuit against the Pennsylvania State Education Association (PSEA), following a significant data breach that exposed the personal information of nearly 500,000 individuals. While PSEA described the breach as a ‘security incident,’ the reality is that nearly 500,000 individuals had their most sensitive personal and financial information potentially exposed by Rhysida, a known ransomware group. Coupled with PSEA’s delay in notifying the victims, the massive data breach and ransomware attack potentially compromised a wide range of your highly sensitive data, including:

  • Full Names,
  • Dates of Birth,
  • Driver’s License or State ID,
  • Social Security Numbers,
  • Account Numbers, PINs, Security Codes, Passwords, and Routing Numbers,
  • Payment Card Numbers, PINs, and Expiration Dates,
  • Passport Numbers,
  • Taxpayer ID Numbers,
  • Usernames and Passwords,
  • Health Insurance Information, and
  • Medical Information.

If you or a family member received a data breach notification letter from PSEA concerning the recent cyberattack, your personal and medical information may be at risk. Call Woods Lonergan PLLC, a leading firm in data breach litigation, to discuss your legal options today at  (212) 684-2500 to speak with our Data Breach Litigation Team today.

Details of the PSEA Data Breach and Alleged Negligence

The Pennsylvania State Education Association (PSEA), a union representing educators and education professionals across Pennsylvania, experienced a significant security failure. While the PSEA primarily represents teachers, the breach likely impacted a wide range of education professionals and staff within the organization and its affiliated local chapters.

The timeline of the breach raises serious concerns regarding potential negligence surrounding this massive data breach:

  • PSEA Data Breach Discovery Date: On or about July 6, 2024
  • PSEA Investigation Completion Date: February 18, 2025

The extended period of over seven months between the breach discovery (July 6, 2024) and the completion of the internal investigation (February 18, 2025) raises questions about the adequacy of PSEA’s security measures and incident response procedures. The delay in notifying victims of the data breach over this extended period of time, potentially compromised the victims’ further exposure of a wide range of their highly sensitive data. This potentially included not only names and addresses, but also Social Security numbers, driver’s license numbers, and even passport numbers. For some individuals, the exposed data also included detailed medical information, health insurance details, and financial account information, including account numbers, routing numbers, and even payment card PINs. Further, many state data breach notification laws require notification without unreasonable delay. 

The Rhysida ransomware group, known for its aggressive tactics and targeting of sensitive data, claimed responsibility for the attack, listing PSEA on its dark web leak site.

Who Was Affected by the PSEA Data Breach

  • Teachers
  • Support Staff (paraprofessionals, aides, etc.)
  • Specialists (counselors, therapists, nurses, librarians, etc.)
  • Administrators

Potential Impact on Victims of the PSEA Data Breach

The PSEA data breach places nearly 500,000 individuals at significant risk of:

  • Financial Identity Theft: Stolen SSNs, account numbers, and payment card details can be used to open fraudulent accounts, make unauthorized purchases, and commit other forms of financial fraud.
  • Medical Identity Theft: Stolen health insurance and medical information can be used to obtain fraudulent medical services, potentially leading to inaccurate medical records and financial burdens.
  • Tax Fraud: Stolen SSNs and Taxpayer ID Numbers can be used to file fraudulent tax returns.
  • Targeted Phishing Attacks: The detailed personal information makes victims highly susceptible to sophisticated phishing and social engineering attacks.
  • Privacy Violations and Potential Blackmail: The exposure of highly sensitive personal and professional information can lead to significant privacy violations.
  • Emotional Distress and Anxiety: The breach of such personal and private information can cause significant emotional distress and anxiety.

Legal Claims in the PSEA Data Breach

Woods Lonergan PLLC’s Data Breach attorneys are focused on potential violations of:

  • State Data Breach Notification Laws: Violations of relevant state laws (Pennsylvania, Maine, Massachusetts, New Hampshire, and potentially other states where affected individuals reside) requiring timely notification and adequate data security measures.
  • Negligence: PSEA’s failure to adequately protect sensitive data, its failure to detect the breach promptly, and its potentially inadequate response to the breach, including the significant delay in completing the investigation.
  • Breach of Contract: Potential implied or express breach of contracts with members to protect their confidential information.
  • Other Potential Claims: Depending on the specific circumstances and applicable state laws, additional claims may be possible.

The seven-month delay between PSEA’s discovery of this breach and their completion of the investigation is unacceptable. This delay, coupled with the fact that the Rhysida ransomware group—known for targeting sensitive data—claimed responsibility, is deeply troubling. Teachers and education professionals deserve better. Woods Lonergan PLLC is committed to holding PSEA accountable and securing just compensation for those affected.” – Jim Woods, Managing Partner, Woods Lonergan PLLC

Contact our Data Breach Litigation Team

If you or a family member received a data breach notification letter from PSEA concerning the recent cyberattack, your personal and medical information may be at risk. Contact Woods Lonergan PLLC, a leading firm in data breach litigation, to discuss your legal options. Please call Woods Lonergan PLLC at (212) 684-2500 to speak with our Data Breach Litigation Team today.

About Woods Lonergan PLLC

Woods Lonergan PLLC is a leading New York-based litigation firm specializing in complex civil litigation, including class action data privacy and cybersecurity matters. We have a proven track record of successfully holding corporations accountable for data breaches and protecting the rights of consumers.

Citations

About the Author

James Woods, Managing Partner of Woods Lonergan, holds more than 25 years of experience in corporate, real estate, and business legal matters. His expertise in handling negotiations, litigation, jury trials, and all forms of alternative dispute resolution spans multiple areas, including corporate, real estate, and commercial litigation. James actively represents dozens of Cooperative and Condominium Boards and serves as counsel to many Corporate Boards. Prior to founding the firm, James proudly served as an Assistant District Attorney for Nassau County and handled both jury and bench trials. With experience that also covers sophisticated transactions and complex acquisitions, James also serves as counsel to several domestic companies in a range of industries and commercial arenas, including real estate, insurance, banking, transportation, and construction. If you have any questions about this article you can contact attorney James Woods through his biography page.

Disclaimer: The information in this article and blog post (“post”) is provided for informational purposes only, and may not reflect the current law(s) in every jurisdiction. No information contained in this post should be construed as legal advice from Woods Lonergan PLLC or the individual author(s), nor is it intended to be a substitute for legal counsel on any subject matter. Nothing herein shall be construed to create an attorney-client relationship with Woods Lonergan PLLC. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from an attorney licensed in the recipient’s jurisdiction. This post is attorney advertising.
Attorney Advertising | Disclaimer | Privacy Policy
Website developed in accordance with Web Content Accessibility Guidelines 2.1.
If you encounter any issues while using this site, please contact us: 212.684.2500