The Association of Texas Professional Educators (ATPE) recently reported a significant data breach that exposed the sensitive information of 426,280 individuals. This breach affected ATPE members, employees, and their dependents. The incident was discovered on February 12 when ATPE detected suspicious activities on its network. In response, the organization promptly disconnected all access to contain the breach and launched an investigation, which concluded on March 20.
According to filings submitted by ATPE to regulators on June 14, the breach exposed Social Security numbers, dates of birth, and addresses for all affected individuals. For employees of ATPE, the compromised data included passport numbers, driver’s license numbers, financial information, and medical records. Additionally, members who joined before May 15, 2021, had their Tax Identification Numbers leaked. Members who received payments from ATPE may have also had their financial information exposed.
ATPE, representing nearly 100,000 teachers, administrators, and public education employees across Texas, took immediate steps to mitigate the impact of the breach. The organization posted a notice of the incident on April 12 and worked diligently to finalize a list of all affected individuals, which was completed by June 3. In an effort to protect those impacted, ATPE is offering 12 months of identity protection services to the victims.
This breach comes on the heels of a similar incident involving the Association of California School Administrators, which warned 54,682 people of a ransomware attack in September 2023 that exposed Social Security numbers, addresses, and names. These incidents highlight the increasing challenges educational organizations face in protecting personal data and underscore the importance of robust cybersecurity measures to safeguard sensitive information.
Reference: