CSEA Local 1000 Data Breach Affects 47,352 Members Exposing Social Security Numbers

On May 30, 2025, the Civil Service Employees Association, Inc., Local 1000, AFSCME, AFL-CIO (CSEA Local 1000) discovered suspicious activity on its computer systems, marking the beginning of a major cybersecurity incident.

An internal investigation, supported by leading cybersecurity professionals, revealed that unauthorized access to CSEA’s systems occurred between May 3 and May 31, 2025. During this period, files containing sensitive member information were obtained by an unauthorized party.

The breach exposed personally identifiable information (PII), including names and Social Security numbers, of people associated with the union.

According to the Maine Attorney General’s breach notice, a total of 47,352 individuals in the United States were affected, including six residents in Maine. The breach was reported to the Maine AG on Jan. 20, 2026. A similar notification was submitted to the Vermont Attorney General on Jan. 21, 2026.

The exposure of Social Security numbers significantly increases the risk of identity theft for those affected. The breach was severe due to the sensitive nature of the data compromised and the scale of the incident, impacting tens of thousands of union members and affiliates.

The identity of the perpetrator has not been disclosed, and it is unclear whether the attack was targeted or opportunistic.

Civil Service Employees Association’s response

Upon discovering the breach, CSEA Local 1000 proactively took systems offline, changed passwords, deployed advanced security and detection software, and securely restored systems from backups. They engaged external cybersecurity and privacy experts to assist with the investigation and response. CSEA also began a thorough analysis of the compromised files to identify and notify affected individuals.

Written notification letters were sent to impacted individuals beginning Jan. 20, 2026. The union advised members to remain vigilant, monitor their credit reports, review account statements and report any suspicious activity to financial institutions.

The notification included detailed resources, such as contact information for all three major credit reporting agencies (Equifax, Experian and TransUnion), as well as guidance on how to place fraud alerts and security freezes on credit files. Additional instructions were provided for obtaining free credit reports and filing police reports in cases of suspected identity theft.

CSEA reported the incident to relevant government agencies and continues to enhance its cybersecurity measures. At this time, no evidence has surfaced to suggest that the stolen information has been used for fraudulent purposes. However, due to the nature of the data involved, affected individuals are strongly encouraged to take advantage of the recommended protective steps.