Cybersecurity Incident at TIU11

You are here, because you likely received a letter from TIU11 regarding the potential that your data may have been exposed to a third party. This letter is legitimate and was sent out by a TIU11 contractor  in response to a cybersecurity event that included unauthorized exposure of internal data. Below, we have collated a series of questions and answers to assist you in understanding more about this event.

Commonly Asked Questions and Answers

  • Has my identity been stolen?

TIU does not have any evidence that any individual has experienced identity theft as a result of this incident. However, if you ever believe you have been the victim of identity theft or have reason to believe your information is being misused, TIU urges you to immediately contact the police and file a police report. Obtain a copy of the police report as you may need to provide copies of the report to creditors to clear up your records. You may also contact the Federal Trade Commission and the Attorney General’s Office in your state. You may obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting companies. To order your annual free report, please visit, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies:


PO Box 740241

Atlanta, GA 30374



PO Box 2002

Allen, TX 75013




PO Box 2000

Chester, PA 19016




  • Why do you have my information?

The TIU employs staff all over the state of Pennsylvania that provide training to schools, intermediate units, education entities, as well as the PaTTAN offices. You may have taken training for Act 48 credit and the information would have been entered by staff and reported to PDE. This is only one possible scenario.

  • Can you identify what information TIU11 has of mine?

Because of the work that TIU 11 does, the types of data vary. We cannot provide specific information. We have staff located throughout the state offering training, working with various agencies, etc.. and that could be one way we have your information.

  • Is the data still there?

We are in the process of reviewing all files and making sure that all legal obligations for retention are being followed. All other files and data will be subject to new data governance protocols that are being implemented by TIU 11. This includes deletion of extraneous information not related to TIU11 operations. 

  • How long is information retained?

Data is being reviewed and will be retained as required by law. Any data not required for retention will be handled based on the new data governance protocols being implemented.

  • How did TIU respond to this breach

As soon as the breach was detected we initiated a forensic audit to mitigate any additional exposure. This process involves engagements with law enforcement, security professionals, legal teams, insurance companies, etc.

We have worked extensively with legal counsel to ensure that all state notification rules are being met in a timely manner. We have also implemented changes in operational/cyber security as recommended by the response team.

  • What is Kroll Credit Monitoring

The credit monitoring service has been retained by the response team to offer free credit monitoring for one year. Please call 1-855-568-2042.

  • What can I do to protect my information moving forward?

Our recommendation is to initiate the Kroll credit monitoring service that is free for one year. Otherwise all three of the major credit bureaus offer different types of credit monitoring services. There are also at cost products that are available to enroll in if you choose to do so.

  • What is Tuscarora Intermediate Unit 11?

Tuscarora Intermediate Unit 11 is a regional educational service agency that assists public and nonpublic schools, personnel, and students in south central Pennsylvania with implementing programs and services.

  • What should I do now? 

TIU encourages you to remain vigilant by reviewing your credit report, credit card, bank, and other financial statements for any unauthorized activity. If you notice any unauthorized activity, you should immediately notify the relevant financial institution or the credit bureau that reported the activity.  In addition, the notification letter mailed to you provides additional steps that you can take to protect yourself.

  • How could something like this happen? 

All companies face cybersecurity risks. TIU had security measures in place to help protect against those risks. To help prevent a similar incident from occurring in the future, TIU has implemented measures to enhance our existing security measures, including upgrading firewall, deploying endpoint monitoring, updating password requirements, and instituting multifactor authentication.  

Skip to content