Data breach at Texas educators' association compromised the data of 426,000 members

Teas-based educators’ association, the Association of Texas Professional Educators, recently experienced a data security incident that compromised the sensitive personal information of more than 400,000 individuals.

 

In a data security incident notice filed with the Office of the Maine Attorney General and a notice on its website, the Association said that on February 12, it detected suspicious activities in its network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The forensic investigation concluded on or about March 20, 2024, and found evidence that some of ATPE’s systems were accessed by an unauthorized user.

 

“Based on these findings, ATPE began reviewing the affected systems to identify the specific individuals and types of information that may have been compromised,” it said.

 

The compromised data contained details of employees including their names, driver license numbers, government issued identification numbers, medical information, health insurance information, dates of birth and Social Security numbers.

 

Members who joined before May 15, 2021, also had their personal information compromised. These included names, dates of birth, Social Security numbers, medical records and financial account information.

 

The Association’s filing with the Maine state regulator revealed that at least 426,280 individuals were impacted by the incident. 

 

“Since the discovery of the incident, ATPE moved quickly to investigate, respond, and confirm the security of our systems. ATPE disconnected all access to our network, changed administrative credentials, installed enhanced security safeguards on ATPE environment and endpoints; and restored ATPE website in a Microsoft Azure hosted environment,” ATPE added.

 

While the association found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered two years of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.