We are living in intimidating times when it comes to cybersecurity. Over 15 million 23andMe users were recently advised to request deletion of their genetic data after the company declared bankruptcy. Hospital systems are also increasingly vulnerable to ransomware attacks, and nobody wants their sensitive data to be exposed and potentially sold to the highest bidder. Make no mistake, employers are aware of this fact and generally go to great lengths to secure their digital fortresses, which includes encrypting and otherwise protecting their workers’ sensitive information.
Do unions do the same? That’s debatable. Nothing is foolproof, and human error, including a single click on the wrong email link, can lead to a cyber disaster. However, something went very wrong with a teachers’ union’s cybersecurity, and half a million members are now paying the price.
Last week, a data breach notification popped up on the Maine state government website, which reported that the sensitive personal data of 510,000 Pennsylvania State Education Association (PSEA) members, including not only teachers but counselors and other support staff, was compromised in July 2024. What’s even worse is that this breach wasn’t discovered until February 2025, which likely allowed that information to be passed around on the dark web for months without victims being aware.
This personal data was not only stolen but also ransomed, and a PSEA statement suggested that they paid the ransom. If so, that money likely came from members’ dues, meaning that workers paid for the recovery of their own data, and even that payment doesn’t resolve the issue. Are hackers who steal personal data trustworthy enough to ensure they wouldn’t pass that information elsewhere? No way.
The fallout could be dire as the breach included “government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial information containing card numbers, and their associated PINs and expiration dates.” Yikes.
If you guessed that this has happened before with unions, you would be correct. In 2023, a Pipefitters local in Boston suffered a cyberattack that caused $6.4 million in losses with the union still brashly claiming that no personal information was stolen. And a pair of United Kingdom trade unions has been repeatedly hacked and ransomed over the past few years.
A side note: This little tidbit might not mean much, nearly nine years after the fact, but back in 2016, two Republican congressmen got into a dust up with the American Federation of Government Employees (AFGE) over the fallout of a data breach on the Office of Personnel Management.
That cyberattack resulted in the exposure of sensitive data for over 21.5 million Americans, including 6 million federal employees. The pair of GOP lawmakers then accused AFGE and the AFL-CIO of impeding a rule from the Immigration and Customs Enforcement Agency that restricted workers from using government machines to access personal email. In response, the AFGE insisted that accessing personal email on work computers was a right that shouldn’t be infringed upon.
That’s a silly, not to mention unsafe, line in the sand from the union, but as always, Big Labor and logic aren’t exactly fast friends. Stay safe out there!
