If you are a current or former member of the Pennsylvania State Education Association, your Social Security number, bank details, and other sensitive records may have been stolen in a ransomware attack last year. A $2.5 million class action settlement now gives roughly 517,000 affected individuals a shot at up to $5,000 each, but the filing window closes on July 6, 2026, and the paperwork takes time to pull together.
What happened and who is affected
PSEA, one of the largest public-sector unions in Pennsylvania with approximately 178,000 active members, disclosed in early 2025 that an unauthorized party had infiltrated its network. According to a breach notice filed with the Maine Attorney General’s office, the intrusion was discovered on February 18, 2025. The Rhysida ransomware group, a criminal operation that cybersecurity researchers have linked to attacks on schools, hospitals, and government agencies worldwide, claimed responsibility.
The Maine AG’s reporting-form dataset and a separate public breach summary spreadsheet both log the filing and list approximately 517,487 individuals as affected. That figure includes not just active educators but also retirees, support staff, and anyone whose information PSEA stored in its systems at the time of the attack.
Notification letters sent to those individuals confirmed the compromised data included Social Security numbers, driver’s license and state ID numbers, financial account and payment card information, passport numbers, and in some cases health and medical records. That combination puts victims at heightened risk for identity theft, tax fraud, and account takeovers that can surface months or even years after the initial breach.
Inside the settlement terms
The class action case, Weaver v. Pennsylvania State Education Association, produced a $2.5 million settlement fund. The named plaintiff, Weaver, brought the suit on behalf of all individuals whose data was compromised in the breach. Under the proposed agreement, PSEA does not admit wrongdoing, which is standard in data breach class actions. Eligible claimants can seek reimbursement in three categories:
- Out-of-pocket losses (up to $5,000): Documented expenses directly tied to the breach, such as bank fees, credit monitoring costs you paid for yourself, unauthorized charges not reimbursed by your bank, and professional fees for identity restoration services.
- Lost time (up to $250): Compensation at $25 per hour for up to 10 hours spent dealing with fraud fallout or taking protective measures. A brief written description of the time and activities is typically required.
- Credit monitoring: Enrollment in identity-protection services for claimants who are not already covered through the credit monitoring PSEA offered affected individuals after the breach was disclosed.
All claim forms must be submitted by July 6, 2026. Late filings will not be accepted. The settlement administration site, PSEADataSettlement.com, hosts the official claim form, the full settlement agreement text, and a FAQ section that walks claimants through each step.
How to file before the deadline
The process is not complicated, but it does require some legwork. Here is what affected members should do now, in June 2026, rather than waiting until the final days:
- Check your mail and email. PSEA and the settlement administrator sent direct notices to individuals identified in the breach. Those notices contain a unique claim ID that speeds up filing. If you never received one, you can still submit a claim through the settlement website.
- Gather your documentation. For out-of-pocket claims, you will need receipts, bank or credit card statements, or invoices showing expenses you can connect to the breach. For lost-time claims, prepare a short written account of the hours you spent and what you did during that time.
- Submit online or by mail. The fastest route is the online portal at PSEADataSettlement.com. Paper forms are also available on the site and can be mailed to the claims administrator at the address printed on the form.
- Build in a buffer. If the claims administrator flags a form as incomplete, you will need time to fix it and resubmit before the cutoff. Mailed forms also need to arrive, not just be postmarked, by the deadline unless the settlement terms state otherwise. Filing in early to mid-June 2026 is the safest approach.
Steps to protect yourself regardless of a claim
Whether or not you file for settlement money, the scope of the exposed data calls for action. The Federal Trade Commission recommends the following for anyone whose Social Security number has been compromised:
- Place a credit freeze with all three major bureaus: Equifax, Experian, and TransUnion. A freeze is free, prevents new accounts from being opened in your name, and can be lifted temporarily whenever you need to apply for credit.
- Set up a fraud alert. An initial alert lasts one year and requires creditors to take extra steps to verify your identity before extending new credit.
- Review your credit reports. Free weekly reports are available at AnnualCreditReport.com. Look for accounts, hard inquiries, or addresses you do not recognize.
- Watch your bank and card statements closely. Criminals often run small “test” charges before attempting larger withdrawals. Catching those early can stop bigger losses.
- Request an IRS Identity Protection PIN at IRS.gov to block anyone from filing a fraudulent tax return under your Social Security number.
What the math looks like for people who actually file
On paper, a $2.5 million fund split evenly among 517,487 eligible individuals works out to less than $5 per person. In practice, the full class almost never files. Figures from past data breach settlements reviewed by courts show that participation rates are frequently very low, meaning the pool of money stretches further for those who do submit claims. The $5,000 cap is most relevant for members who suffered documented financial harm: unauthorized charges, out-of-pocket costs for identity repair, or time lost untangling fraud.
According to the settlement website at PSEADataSettlement.com, the court has not yet granted final approval of the settlement. The site notes that the approval process is still pending, but it does not specify a hearing date. If the settlement is rejected or modified, claimants will be notified and deadlines could shift. Filing a claim before final approval does not waive any rights; if the deal falls through, submitted claims are simply voided.
For affected PSEA members, the two most productive things to do right now are to lock down your credit and to file your claim with documentation in hand, well before July 6.