The Association of Texas Professional Educators (ATPE) is notifying more than 414,000 members of a data breach.
In a letter to those affected, ATPE explains that they first detected abnormal activity in their network on February 12, 2024. By the conclusion of the forensic investigation on March 20, 2024, investigators had found evidence that some of ATPE’s systems had been accessed without authorization.
The types of information accessed varied:
For members who joined before May 15, 2021, names, address, dates of birth, Social Security number and/or Tax Identification Number if employers used it as an identifier, and medical records if the member transmitted this type of information to ATPE.
For those members who received a payment from ATPE through an ACH transaction financial account information may have been subject to unauthorized access.
ATPE’s notification informs members of the steps ATPE has taken in response to the attack:
Since the discovery of the incident, ATPEmoved quickly to investigate, respond, and confirm the security of our systems. Specifically, ATPE disconnected all access to our network, changed administrative credentials, installed enhanced security safeguards on ATPE environment and endpoints; and restored ATPE website in a Microsoft Azure hosted environment. ATPE took steps and will continue to take steps to mitigate the risk of future harm.
Those affected are being offered single credit bureau monitoring and credit score services. Details are in the notification letter.
Update: This incident was reported to the Maine Attorney General’s Office on June 14 as affecting 426,280.