An organization for educators in Texas sent out breach notifications over the last week warning of a cyberattack that exposed sensitive information. 

The Association of Texas Professional Educators (ATPE) submitted filings with regulators on June 14 that said the incident affected 426,280 people — including members of the organization, employees and their dependents.  

ATPE represents nearly 100,000 teachers, administrators and public education employees across Texas. 

For everyone involved, Social Security numbers, dates of birth and addresses were exposed during a cyberattack that was discovered on February 12.

For employees of ATPE only, the data breach also included passport numbers, driver’s license numbers, financial information and medical records. Members who joined before May 15, 2021 also had their Tax Identification Numbers leaked during the attack. Members who received payments from ATPE may have also had financial information leaked. 

The organization said it discovered “suspicious activities” on its network” in February and disconnected all access immediately. An investigation into the attack concluded on March 20 and the organization posted a notice of the incident on April 12. 

It took until June 3 for ATPE to have a finalized list of all the people who had data on the systems the hackers accessed during the incident. Victims are being given 12 months of identity protection services.

The incident came just weeks after the Association of California School Administrators warned 54,682 people of a September 2023 ransomware attack that similarly exposed Social Security numbers, addresses and names.