Office of the New York State Attorney General Company CyberSecurity Posture
ny.gov
As head of the Department of Law, the Attorney General is both the “People's Lawyer” and the State's chief legal officer. As the “People's Lawyer,” the Attorney General serves as the guardian of the legal rights of the citizens of New York, its organizations and its natural resources. In fulfilling the duties of the State’s chief legal counsel, the Attorney General not only advises the Executive branch of State government, but also defends actions and proceedings on behalf of the State. The Attorney General serves all New Yorkers in numerous matters affecting their daily lives.The Attorney General's Office is charged with the statutory and common law powers to protect consumers and investors, charitable donors, the public health and environment, civil rights, and the rights of wage-earners and businesses across the State. The Attorney General's authority also includes the activities and investigations of the State Organized Crime Task Force and Medicaid Fraud Control Unit. While the Attorney General acts independently of the Governor, the Governor or a state agency may request the Attorney General to undertake specific criminal investigations and prosecutions. The legal functions of the Department of Law are divided primarily into five major divisions: Appeals and Opinions, State Counsel, Criminal Justice, Economic Justice and Social Justice. Over 1,800 employees, including over 700 attorneys, as well as forensic accountants, legal assistants, scientists, investigators, and support staff, serve in the Office of the Attorney General in many locations across New York State.
Company Details
office-of-the-attorney-general-of-the-state-of-new-york
1,605
17,310
92212
ny.gov
0
OFF_1952810
In-progress
ONYSAG Risk Score (AI oriented)Between 650 and 699
ONYSAG Global Score (TPRM)XXXX
Description: In August 2025, the **State Attorney General’s Office** detected a **cybersecurity incident** involving unauthorized access to files containing **personal data**, including **names, Social Security numbers, and medical information**. While the investigation found no evidence of misuse or attempted misuse of the compromised data, the breach exposed sensitive information of an undisclosed number of individuals. The office engaged cybersecurity experts, implemented additional security measures, and reported the incident to the **FBI**. Affected individuals were notified in November 2025 and offered **identity protection services**. The breach underscores vulnerabilities in handling **personally identifiable information (PII)**, though no financial fraud, public disclosure, or systemic disruption was confirmed. The office emphasized its commitment to privacy and urged affected parties to monitor financial accounts and credit reports for suspicious activity.
Office of the New York State Attorney General has 63.93% more incidents than the average of same-industry companies with at least one recorded incident.
Office of the New York State Attorney General has 56.25% more incidents than the average of all companies with at least one recorded incident.
Office of the New York State Attorney General reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
ONYSAG cyber incidents detection timeline including parent company and subsidiaries
As head of the Department of Law, the Attorney General is both the “People's Lawyer” and the State's chief legal officer. As the “People's Lawyer,” the Attorney General serves as the guardian of the legal rights of the citizens of New York, its organizations and its natural resources. In fulfilling the duties of the State’s chief legal counsel, the Attorney General not only advises the Executive branch of State government, but also defends actions and proceedings on behalf of the State. The Attorney General serves all New Yorkers in numerous matters affecting their daily lives.The Attorney General's Office is charged with the statutory and common law powers to protect consumers and investors, charitable donors, the public health and environment, civil rights, and the rights of wage-earners and businesses across the State. The Attorney General's authority also includes the activities and investigations of the State Organized Crime Task Force and Medicaid Fraud Control Unit. While the Attorney General acts independently of the Governor, the Governor or a state agency may request the Attorney General to undertake specific criminal investigations and prosecutions. The legal functions of the Department of Law are divided primarily into five major divisions: Appeals and Opinions, State Counsel, Criminal Justice, Economic Justice and Social Justice. Over 1,800 employees, including over 700 attorneys, as well as forensic accountants, legal assistants, scientists, investigators, and support staff, serve in the Office of the Attorney General in many locations across New York State.
The Metropolitan Police Service is famed around the world and has a unique place in the history of policing. Our headquarters at New Scotland Yard - and its iconic revolving sign - has provided the backdrop to some of the most high profile and complex law enforcement investigations the world has e
Policing in South Africa. I am attached to the newly formed Directorate for Priority Crime Investigations. Formally I was attached to the Detecitve Service and have been conduction investigations for over 25 years. I have also been attached to the National Inspectorate Division of the SAPS for soem
The FBI Virtual Academy is the portal to all FBI training opportunities offered to our external partners. FBI Virtual Academy registration is open to all personnel serving in any agency within the criminal justice or intelligence community – including state, local, tribal, and international law enfo
he Government of India, officially known as the Union Government, and also known as the Central Government, was established by the Constitution of India, and is the governing authority of a union of 28 states and seven union territories, collectively called the Republic of India. It is seated in New
The Singapore Police Force (SPF) is a uniformed organisation under the purview of the Ministry of Home Affairs. The mission of the SPF is to prevent, deter and detect crime to ensure the safety and security of Singapore. The Singapore Police Force’s official LinkedIn page should NOT be used for
Welcome to the Official NYPD LinkedIn Page. For emergencies, dial 911. To submit crime tips & information, visit www.NYPDcrimestoppers.com or call 800-577-TIPS. The mission of the New York City Police Department is to enhance the quality of life in New York City by working in partnership with the c
Gendarmería Nacional Argentina (GNA) es una Fuerza de Seguridad de naturaleza militar, que cumple funciones en la seguridad interior, defensa nacional, auxilio a la Justicia Federal y apoyo a la Política Exterior de la RA. Es una de las cuatro Fuerzas que integran el Ministerio de Seguridad de l
Vi gör hela Sverige tryggt och säkert! Att arbeta inom polisen är ett av de finaste uppdrag man kan ha. Du bidrar till samhället genom att göra hela Sverige tryggt och säkert. Oavsett om du jobbar i en civil roll eller som polis, är möjligheterna att växa med en större uppgift många. Vi är Sverig
Politiemensen staan midden in de maatschappij, dicht op het nieuws. De politie is daar waar het gebeurt. Het optreden van agenten ligt altijd onder een vergrootglas. Bij de politie ben je 24 uur per dag en voor iedereen in onze diverse samenleving. Integer, moedig, betrouwbaar en verbindend zijn daa
.png)
Background On November 6, California Attorney General (AG) Rob Bonta, Connecticut AG William Tong, and New York AG Letitia James announced a...
ROCHESTER, N.Y. — New York's Algorithmic Pricing Disclosure Act took effect earlier this week. The law requires companies to clearly state...
On October 20, the New York State attorney general, in a press release, announced a settlement with a certified public accounting firm after...
New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris has collected more than $19 million in penalties for...
New York State has fined eight major auto insurance companies over $19 million after an investigation uncovered major cybersecurity failures...
The 2025–2026 New York State budget bill increased filing fees for offering plans, no-action letter applications, cooperative policy...
New York Attorney General Letitia James, a longtime foe of President Donald Trump, was charged on Thursday with lying on a mortgage...
NEW YORK — State Attorney General Letitia James' office is investigating medical debt collection practices employed by Abrams Fensterman,...
New York Attorney General Letitia James announces filing of lawsuit against Early Warning Services, LLC for alleged insufficient security...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Office of the New York State Attorney General is http://www.ag.ny.gov/job-postings.
According to Rankiteo, Office of the New York State Attorney General’s AI-generated cybersecurity score is 697, reflecting their Weak security posture.
According to Rankiteo, Office of the New York State Attorney General currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Office of the New York State Attorney General is not certified under SOC 2 Type 1.
According to Rankiteo, Office of the New York State Attorney General does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Office of the New York State Attorney General is not listed as GDPR compliant.
According to Rankiteo, Office of the New York State Attorney General does not currently maintain PCI DSS compliance.
According to Rankiteo, Office of the New York State Attorney General is not compliant with HIPAA regulations.
According to Rankiteo,Office of the New York State Attorney General is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Office of the New York State Attorney General operates primarily in the Law Enforcement industry.
Office of the New York State Attorney General employs approximately 1,605 people worldwide.
Office of the New York State Attorney General presently has no subsidiaries across any sectors.
Office of the New York State Attorney General’s official LinkedIn profile has approximately 17,310 followers.
Office of the New York State Attorney General is classified under the NAICS code 92212, which corresponds to Police Protection.
No, Office of the New York State Attorney General does not have a profile on Crunchbase.
Yes, Office of the New York State Attorney General maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/office-of-the-attorney-general-of-the-state-of-new-york.
As of November 28, 2025, Rankiteo reports that Office of the New York State Attorney General has experienced 1 cybersecurity incidents.
Office of the New York State Attorney General has an estimated 1,471 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with cybersecurity experts engaged, and and remediation measures with security measures implemented to prevent future incidents, and recovery measures with identity protection services offered to affected individuals, and communication strategy with emailed notices sent to affected individuals (nov. 14, 2025); public advisory issued with protective guidance..
Title: Data Security Incident at State Attorney General’s Office
Description: A cybersecurity incident detected on Aug. 9, 2025, involved potential unauthorized access to personal information, including names, Social Security numbers, and/or medical information. While no evidence of misuse was found, the office took security measures and offered identity protection services to affected individuals. The incident was reported to the FBI, and notices were emailed to affected parties on Nov. 14, 2025.
Date Detected: 2025-08-09
Date Publicly Disclosed: 2025-11-14
Type: Data Breach / Unauthorized Access
Common Attack Types: The most common types of attacks the company has faced is Breach.
Data Compromised: Names, Social security numbers, Medical information
Brand Reputation Impact: Potential concern due to exposure of sensitive personal data
Identity Theft Risk: High (due to exposure of SSNs and medical data)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Protected Health Information (Phi) and .
Entity Name: State Attorney General’s Office
Entity Type: Government Agency
Industry: Legal / Public Sector
Incident Response Plan Activated: True
Third Party Assistance: Cybersecurity experts engaged
Remediation Measures: Security measures implemented to prevent future incidents
Recovery Measures: Identity protection services offered to affected individuals
Communication Strategy: Emailed notices sent to affected individuals (Nov. 14, 2025); public advisory issued with protective guidance
Third-Party Assistance: The company involves third-party assistance in incident response through Cybersecurity experts engaged.
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Sensitivity of Data: High (SSNs, medical records)
Personally Identifiable Information: namesSocial Security numbersmedical information
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Security measures implemented to prevent future incidents.
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Identity protection services offered to affected individuals.
Regulatory Notifications: FBI notified; cooperation ongoing
Recommendations: Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts)., Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228., Follow FTC guidelines to protect against identity theft (www.ftc.gov)., Contact the Attorney General’s office at 1-833-353-8060 for assistance.Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts)., Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228., Follow FTC guidelines to protect against identity theft (www.ftc.gov)., Contact the Attorney General’s office at 1-833-353-8060 for assistance.Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts)., Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228., Follow FTC guidelines to protect against identity theft (www.ftc.gov)., Contact the Attorney General’s office at 1-833-353-8060 for assistance.Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts)., Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228., Follow FTC guidelines to protect against identity theft (www.ftc.gov)., Contact the Attorney General’s office at 1-833-353-8060 for assistance.
Source: State Attorney General’s Office Public Advisory
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: State Attorney General’s Office Public Advisory.
Investigation Status: Ongoing (cooperation with FBI)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Emailed notices sent to affected individuals (Nov. 14 and 2025); public advisory issued with protective guidance.
Stakeholder Advisories: Public statement issued with protective guidance for affected individuals.
Customer Advisories: Emailed notices (Nov. 14, 2025) with instructions for credit monitoring and identity protection.
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Public statement issued with protective guidance for affected individuals., Emailed notices (Nov. 14 and 2025) with instructions for credit monitoring and identity protection..
Corrective Actions: Security measures implemented to prevent recurrence
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Cybersecurity experts engaged.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Security measures implemented to prevent recurrence.
Most Recent Incident Detected: The most recent incident detected was on 2025-08-09.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-14.
Most Significant Data Compromised: The most significant data compromised in an incident were names, Social Security numbers, medical information and .
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Cybersecurity experts engaged.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were medical information, names and Social Security numbers.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts)., Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228., Follow FTC guidelines to protect against identity theft (www.ftc.gov). and Contact the Attorney General’s office at 1-833-353-8060 for assistance..
Most Recent Source: The most recent source of information about an incident is State Attorney General’s Office Public Advisory.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (cooperation with FBI).
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Public statement issued with protective guidance for affected individuals., .
Most Recent Customer Advisory: The most recent customer advisory issued were an Emailed notices (Nov. 14 and 2025) with instructions for credit monitoring and identity protection.
.png)
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid