Company Details
pennsylvania-office-of-attorney-general
802
6,864
92212
attorneygeneral.gov
0
PEN_2009747
In-progress

Pennsylvania Office of Attorney General Company CyberSecurity Posture
attorneygeneral.gov

The Pennsylvania Attorney General is the chief law enforcement officer in the Commonwealth, but the office also does extensive work in consumer protection and provides resources for a variety of issues. The office maintains the highest standards of ethics to protect life, property, and constitutional and consumer rights, so as to ensure safety and freedom for those living in and visiting the Commonwealth. We collaborate with partner agencies and groups to enforce the law and defend the interests of the Commonwealth and its diverse citizens. As a workplace, we pride ourselves on providing a fair, diverse and encouraging atmosphere with many avenues for growth and development and offices all over the state. Through our benefits and schedules, we want employees to know that we value their free time so they can come to work excited and motivated to help the public we serve.

Values
Integrity – We conduct ourselves with uncompromised honesty, honor, and ethics.
Human Dignity – We recognize the value, circumstances, and rights of all, including those charged under the law.
Justice – We will be unbiased and impartial in pursuit of accountability for those who breach state and federal laws to harm others.
Professionalism – We are accountable to the constituents we serve, and to each other, to act in the best interests of Pennsylvanians and will always aim for improvement and advancement.
Leadership – We demand ethical leadership from our team members while maintaining relationships with partner organizations who can entrust us to set and achieve a standard of excellence.
Between 0 and 549


Description: The Pennsylvania Attorney General's Office experienced a data breach where unauthorized access led to the exposure of individuals' personal information, including names, Social Security numbers, and medical records. The breach was discovered on **August 9**, and an investigation confirmed the leak of sensitive data. While there is no evidence of misuse, the potential compromise of highly confidential information—such as medical records and SSNs—poses severe risks, including identity theft, financial fraud, and long-term reputational harm. Victims were notified on **November 14**, and the FBI was involved in the investigation. The breach underscores critical vulnerabilities in safeguarding personally identifiable information (PII) and health data, which could have cascading legal, operational, and trust-related consequences for the office and affected individuals.
Description: The Pennsylvania Attorney General's Office experienced a **data breach** in August, where unauthorized actors accessed its systems, causing the website, email, and phone services to go offline. The incident exposed residents' **personal information, including Social Security numbers**, though there is currently **no evidence of misuse**. Affected individuals were notified in October, and the office offered **identity protection services** as a precautionary measure. The breach was detected shortly after a separate **statewide 911 outage in July**, which was later confirmed to be unrelated—attributed to a **technical failure** rather than a cyberattack. While the breach did not result in confirmed fraud or data exploitation, the exposure of **sensitive personally identifiable information (PII)** poses significant risks for identity theft and financial fraud. The office has not disclosed the exact number of affected residents or the method of intrusion, but the incident underscores vulnerabilities in government cybersecurity infrastructure.
Description: The Pennsylvania Attorney General’s Office was targeted in a cyberattack in early August, causing a temporary disruption to its operations. While the attack led to interruptions—including delays in court proceedings, reliance on alternate communication channels, and limited access to systems—most of the 1,200 staff members have since resumed daily duties. The office’s main phone line, website, and email services were restored, though full functionality remains under recovery. No ransom was paid, and the attackers remain unidentified. The investigation is ongoing, with potential notifications to individuals if nonpublic data was compromised. The incident aligns with a broader trend of rising cyber threats against government agencies, though no evidence suggests lasting harm to criminal prosecutions, civil proceedings, or investigations. The attack underscores vulnerabilities in public sector cybersecurity, prompting collaborative efforts to prevent similar breaches in other agencies.
Description: The Pennsylvania Office of Attorney General (OAG) suffered a **ransomware attack** on **August 11, 2025**, where threat actors encrypted critical files to extort the agency. The attack disrupted **internal networks, public websites, email systems, and landlines**, causing **two weeks of operational outages**. While no ransom was paid, the incident forced procedural delays in **civil and criminal court cases**, though no prosecutions or investigations were permanently compromised. Staff temporarily relied on alternative workflows, with **email and phone services restored gradually**. The OAG, a **statewide law enforcement agency with ~1,200 employees**, maintained core functions (e.g., court appearances, public safety operations) despite the disruption. No data leaks were reported, and no ransomware group claimed responsibility. The attack’s **infection vector and strain remain undisclosed**, but recovery efforts prioritized **containment and operational continuity** without yielding to extortion demands.
Description: The Pennsylvania Office of the Attorney General (OAG) suffered a **ransomware attack** in **August 2025**, attributed to the **Inc Ransom group**, resulting in a confirmed **data breach**. The attack disrupted the OAG’s **website, email, and phone systems for three weeks**, while the threat actors claimed to have stolen **5.7 TB of sensitive data**, including files from critical divisions such as **Criminal Investigations, Medicaid Fraud, Child Predator Section, Bureau of Narcotics, and FBI-related internal network access**. The breach exposed **personal information** of individuals, including **names, Social Security numbers, and medical records**, though the OAG stated there was **no evidence of misuse**. The **Inc Ransom group** publicly took responsibility, asserting they had compromised **highly sensitive law enforcement data**, including **executive office files, investigative bureaus, and templates related to high-profile cases**. The initial access was linked to the exploitation of the **CitrixBleed2 vulnerability (CVE-2023-4966)** in Citrix NetScaler. The OAG established a **toll-free helpline** for affected individuals but did not disclose the full scope of the breach or the number of victims.
Description: The Pennsylvania OAG suffered a **ransomware attack** by the **Inc Ransom group**, leading to a **data breach** where **5.7 TB of sensitive data** was allegedly stolen, including **personal information (names, Social Security numbers, medical records)** from investigative units and Cellebrite software usage details. The attack disrupted **websites, emails, and phone lines for three weeks**, though no ransom was paid. The breach involved exploitation of the **CitrixBleed2 vulnerability (Citrix Netscaler)**, granting hackers access to internal networks. While the OAG claims **no evidence of misuse**, ransomware groups typically leak or sell stolen data in cybercriminal circles. The full scope of affected individuals remains unclear, but the breach exposed highly sensitive government and citizen data, posing risks of identity theft, fraud, and operational disruptions.
Description: The Pennsylvania Office of the Attorney General (OAG) suffered a targeted **ransomware attack** on **August 11**, where a malicious actor encrypted critical files in an attempt to extort a ransom payment. The attack disrupted **website, email, and phone systems**, forcing ~1,200 employees across 17 offices to rely on alternate work methods. While the OAG confirmed no ransom was paid, the incident triggered **court-ordered extensions** for criminal and civil cases, though officials claimed no prosecutions or investigations were negatively impacted. The attack’s scope remains partially undisclosed due to an **ongoing investigation**, but the OAG acknowledged that **sensitive personal information** of some individuals may have been compromised. The agency alerted affected parties while working with partner agencies to assess the breach’s full impact. Despite operational disruptions—including potential **data exposure** and **blackmail attempts**—the OAG emphasized its commitment to fulfilling its mission without conceding to hacker demands. The long-term consequences, such as **reputational damage** or **legal liabilities**, remain uncertain as restoration efforts continue.
Description: The Pennsylvania Office of Attorney General (OAG) suffered a **ransomware attack** in August, disrupting critical operations. The attack encrypted OAG servers, forcing systems offline, including the agency’s website, email accounts, and landline phones. While no ransom was paid, the incident caused **delays in civil and criminal court cases**, requiring extensions for ongoing proceedings. Approximately **1,200 employees** across 17 offices were impacted, relying on alternate communication methods during recovery. The OAG, serving as Pennsylvania’s top law enforcement agency, faced operational disruptions in prosecuting criminal cases and enforcing consumer protections. Although most services (email, website, and phone lines) were restored, the investigation remains ongoing to determine if data was stolen. The attack underscored vulnerabilities in government cybersecurity, prompting collaborative efforts with other agencies to prevent future incidents. No evidence yet suggests long-term harm to prosecutions or civil proceedings, but the **operational outage and potential data exposure** pose significant risks to legal processes and public trust.


Pennsylvania Office of Attorney General has 1029.03% more incidents than the average of same-industry companies with at least one recorded incident.
Pennsylvania Office of Attorney General has 976.92% more incidents than the average of all companies with at least one recorded incident.
Pennsylvania Office of Attorney General reported 7 incidents this year: 1 cyber attack, 4 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.
POAG cyber incidents detection timeline including parent company and subsidiaries



Penn is investigating a cybersecurity breach of its Oracle E-Business Suite servers that compromised the personal information of...
Pennsylvania Office of the Attorney General (OAG) has confirmed suffering a data breach after it was targeted in a ransomware attack.
The Pennsylvania Office of the Attorney General ("OAG") confirms a data breach following a ransomware attack by Inc Ransom group.
The Pennsylvania Office of the Attorney General has confirmed that individuals' names, Social Security numbers, and/or medical details had...
The office of Pennsylvania's attorney general has confirmed that the ransomware gang behind an August 2025 cyberattack stole files...
According to the AG's office, the "cyber incident" exposed personal information, including social security numbers.
A “data security incident” in August may have involved unauthorized access to personal information, the state attorney general's office...
As previously reported by the Pennsylvania Office of the Attorney General ("OAG"), the OAG experienced a data security incident earlier this...
The Pennsylvania Attorney General's Office has released a statement after a data breach leaked an unknown number of individual's personal...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Pennsylvania Office of Attorney General is http://www.attorneygeneral.gov.
According to Rankiteo, Pennsylvania Office of Attorney General’s AI-generated cybersecurity score is 100, reflecting their Critical security posture.
According to Rankiteo, Pennsylvania Office of Attorney General currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Pennsylvania Office of Attorney General is not certified under SOC 2 Type 1.
According to Rankiteo, Pennsylvania Office of Attorney General does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Pennsylvania Office of Attorney General is not listed as GDPR compliant.
According to Rankiteo, Pennsylvania Office of Attorney General does not currently maintain PCI DSS compliance.
According to Rankiteo, Pennsylvania Office of Attorney General is not compliant with HIPAA regulations.
According to Rankiteo, Pennsylvania Office of Attorney General is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Pennsylvania Office of Attorney General operates primarily in the Law Enforcement industry.
Pennsylvania Office of Attorney General employs approximately 802 people worldwide.
Pennsylvania Office of Attorney General presently has no subsidiaries across any sectors.
Pennsylvania Office of Attorney General’s official LinkedIn profile has approximately 6,864 followers.
Pennsylvania Office of Attorney General is classified under the NAICS code 92212, which corresponds to Police Protection.
No, Pennsylvania Office of Attorney General does not have a profile on Crunchbase.
Yes, Pennsylvania Office of Attorney General maintains an official LinkedIn profile, actively used for branding and talent engagement, at https://www.linkedin.com/company/pennsylvania-office-of-attorney-general.
As of December 04, 2025, Rankiteo reports that Pennsylvania Office of Attorney General has experienced 8 cybersecurity incidents.
Pennsylvania Office of Attorney General has an estimated 1,489 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack, Ransomware and Breach.
Detection and Response: Across the recorded incidents, the company's detection and response measures are listed as follows:
Containment Measures: isolating affected systems; restoring services incrementally
Remediation Measures: working with other agencies to prevent recurrence
Recovery Measures: restoring email access; bringing website and phone lines back online
Communication Strategy: regular public updates; notifications to individuals if necessary
Third Party Assistance: unnamed partner agencies (investigation)
Remediation Measures: restoration of email access; resumption of public website and phone lines; alternative workflows for disrupted internal processes
Recovery Measures: progress toward full operational recovery; transparency updates to the public
Communication Strategy: public updates via Attorney General Dave Sunday; social media announcements (Twitter/X)
Third Party Assistance: collaboration with other agencies (unspecified)
Remediation Measures: restoration of phone lines, website, and email access; use of alternate channels for staff operations
Recovery Measures: ongoing efforts to restore full operations
Communication Strategy: public statements and future notifications if nonpublic data is found compromised
Third Party Assistance: partner agencies (unspecified)
Remediation Measures: alternate work channels/methods for staff; file restoration efforts (status unclear)
Communication Strategy: press releases (Aug. 29, follow-up on disclosure date); notifications to affected individuals
Third Party Assistance: cybersecurity specialists involved in investigation
Law Enforcement Notified: FBI notified on 2023-11-14
Communication Strategy: public statement and direct notifications to potential victims on 2023-11-14; advisory on protective measures provided
Incident Response Plan Activated: yes (implied by notification and identity protection services)
Remediation Measures: identity protection services offered to affected individuals
Communication Strategy: public advisory and notification to affected individuals via email/mail (exact method unspecified)
Incident Response Plan Activated: yes (investigation conducted)
Recovery Measures: restoration of website, email, and phone services after ~3 weeks
Communication Strategy: public disclosure via data incident notice
Remediation Measures: setup of toll-free call center for affected individuals (1-833-353-8060)
Recovery Measures: restoration of website, email, and phone systems after ~3 weeks
Communication Strategy: public media notice; toll-free call center for support
Title: Ransomware Attack on Pennsylvania’s Office of Attorney General (OAG)
Description: Pennsylvania’s Office of Attorney General (OAG) confirmed a ransomware attack that encrypted files and disrupted operations, including delays to civil and criminal court cases. The attack knocked OAG servers offline in August 2023, disabling the website, email accounts, and phone lines. No ransom was paid, and the investigation is ongoing to determine if data was stolen. Most services, including email and the main phone line, have been restored, but full functionality is still being worked on. Approximately 1,200 staff across 17 offices are operating with alternate methods where necessary.
Date Detected: 2023-08-01
Date Publicly Disclosed: 2023-08-18
Type: ransomware
Motivation: financial (ransom demand)
Title: Ransomware Attack on Pennsylvania Office of Attorney General (OAG)
Description: The Pennsylvania Office of Attorney General (OAG) confirmed it was targeted by a ransomware attack in August 2025, where unknown threat actors encrypted files to extort the agency. No ransom was paid, and the OAG is restoring operations after significant disruptions to internal networks, public websites, email systems, and landlines. The attack began on August 11, 2025, with service interruptions lasting over two weeks. A criminal investigation is ongoing with unnamed partner agencies. While no ransomware group has claimed responsibility, the OAG has resumed partial operations, including email access and public-facing services, though some internal workflows remain disrupted. The attack caused temporary communication outages and legal delays, but no prosecutions or investigations were negatively impacted.
Date Detected: 2025-08-11
Date Publicly Disclosed: 2025-08-29
Type: ransomware
Threat Actor: unknown
Motivation: extortion
Title: Cyberattack on Pennsylvania Attorney General’s Office
Description: The Pennsylvania Attorney General’s Office confirmed it was the target of a cyberattack in early August 2024. The attack caused temporary disruptions, including interruptions to phone lines, email, and website access. The office has since restored most functionalities, with 1,200 staff members resuming duties via alternate channels. No ransom was paid, and the investigation is ongoing to determine if nonpublic information was compromised. Some courts granted time extensions for criminal and civil cases due to the incident. The office is collaborating with other agencies to prevent similar attacks in the future.
Date Detected: Early August 2024
Type: Cyberattack
Title: Ransomware Attack on Pennsylvania Office of Attorney General
Description: A malicious actor encrypted files at the Pennsylvania Office of Attorney General in an attempt to extort a ransom payment. The attack disrupted website, email, and phone services, though the office confirmed no ransom was paid. An active investigation is ongoing to determine the scope of compromised information. Some court proceedings were granted extensions, and staff (approx. 1,200 across 17 offices) adapted to alternate work methods. A limited number of individuals were notified of potential data exposure.
Date Detected: 2024-08-11
Date Publicly Disclosed: 2024-08-29
Type: Ransomware Attack
Threat Actor: Malicious actor (unknown)
Motivation: Financial extortion (ransomware)
Title: Data Breach at Pennsylvania Attorney General's Office
Description: The Pennsylvania Attorney General's Office disclosed a data breach that leaked an unknown number of individuals' personal information, including social security numbers and medical records. Officials became aware of the unauthorized access on August 9. An investigation confirmed the leak, and notifications were sent to potential victims on November 14. The FBI is investigating the incident, though there is no evidence of data misuse.
Date Detected: 2023-08-09
Date Publicly Disclosed: 2023-11-14
Type: Data Breach
Title: Pennsylvania Attorney General's Office Data Breach
Description: The Pennsylvania Attorney General's Office reported a data breach in August 2023, where residents' personal information, including social security numbers, may have been accessed during a 'cyber incident.' The breach caused the office's website, email, and phones to go offline. While there is no evidence of misuse, affected individuals were notified on a Friday in late 2023 (exact date unspecified) and offered identity protection services. The incident was detected on August 9, shortly after a statewide 911 outage in July (unrelated to the breach).
Date Detected: 2023-08-09
Type: Data Breach
Title: Pennsylvania Office of the Attorney General Ransomware Attack and Data Breach
Description: The Pennsylvania Office of the Attorney General (OAG) suffered a ransomware attack in 2023, leading to a data breach where 5.7 TB of data was allegedly stolen by the Inc Ransom group. The attack disrupted the OAG's website, email accounts, and phone lines for approximately three weeks. Personal information, including names, Social Security numbers, and medical records, was potentially accessed. The OAG confirmed no ransom was paid, and the attack was likely conducted via exploitation of the CitrixBleed2 vulnerability in Citrix Netscaler.
Date Detected: 2023-08
Date Publicly Disclosed: 2023-08
Type: ransomware
Attack Vector: Exploitation of CitrixBleed2 vulnerability in Citrix Netscaler
Vulnerability Exploited: CitrixBleed2 (CVE unknown, related to Citrix Netscaler)
Threat Actor: Inc Ransom group
Motivation: financial gain, data theft, disruption
Title: Pennsylvania Office of the Attorney General (OAG) confirms data breach after August ransomware attack by Inc Ransom group
Description: The Pennsylvania Office of the Attorney General (OAG) confirmed a data breach following a ransomware attack attributed to the Inc Ransom group. The attack occurred in August 2025, disrupting the OAG's website, email, and phone systems for about three weeks. The extortion group claimed responsibility on September 21, 2025, and asserted the theft of 5.7 TB of sensitive data, including personal information such as names, Social Security numbers, and medical records. The group also claimed access to the FBI's internal network, though this was not confirmed by OAG. The OAG set up a toll-free call center to assist affected individuals and confirmed no evidence of misuse of the compromised data. The attack was linked to the exploitation of the Citrix NetScaler vulnerability known as CitrixBleed2.
Date Detected: 2025-08-01
Date Publicly Disclosed: 2025-11-18
Type: data breach
Attack Vector: exploitation of CitrixBleed2 vulnerability (Citrix NetScaler), ransomware deployment
Vulnerability Exploited: CitrixBleed2 (CVE not explicitly mentioned but inferred as Citrix NetScaler vulnerability)
Threat Actor: Inc Ransom group
Motivation: financial gain (extortion), data theft, disruption
Common Attack Types: The most common type of attack the company has faced is ransomware.
Identification of Attack Vectors: The attack vector identified in incidents is the Citrix NetScaler vulnerability (CitrixBleed2).

Systems Affected: servers, website, email accounts, land phone lines
Downtime: from 2023-08-01; ongoing (partial restoration as of 2023-08-29)
Operational Impact: delays in civil and criminal court cases; disruption to email and phone communications; alternate work methods for staff
Brand Reputation Impact: potential (ongoing investigation and public updates)

Systems Affected: internal network, public website, email systems, landlines
Downtime: > 2 weeks (from 2025-08-11)
Operational Impact: temporary communication outages; disrupted legal operations (court continuances for civil/criminal cases); alternative workflows for internal processes

Systems Affected: Main phone line, Website, Email system
Downtime: Temporary interruption (duration unspecified)
Operational Impact: Staff used alternate channels; some court cases received time extensions

Data Compromised: Unknown (investigation ongoing; limited individuals notified)
Systems Affected: Website, Email, Phone services, File encryption
Downtime: Ongoing as of 2024-08-29 (partial restoration via alternate methods)
Operational Impact: Staff (1,200 employees) adapted to alternate work channels; court extensions granted for criminal/civil cases
Brand Reputation Impact: Potential reputational harm due to public disclosure of attack and data exposure risks
Identity Theft Risk: Possible (limited individuals notified of potential exposure)

Data Compromised: Names, Social security numbers, Medical information
Brand Reputation Impact: Potential reputational harm due to exposure of sensitive personal data
Identity Theft Risk: High (social security numbers and medical records exposed)

Data Compromised: Personal information, Social security numbers
Systems Affected: website, email, phones
Downtime: 2023-08-09 (start date; duration unspecified)
Operational Impact: Systems offline (website, email, phones)
Brand Reputation Impact: Potential reputational harm due to exposure of sensitive data
Identity Theft Risk: High (social security numbers accessed)

Data Compromised: Personal information (names, SSNs, medical records), Investigative unit files, Cellebrite software usage details
Systems Affected: website, email accounts, phone lines, internal network
Downtime: 3 weeks
Operational Impact: severe disruption to services (website, email, phone lines)
Brand Reputation Impact: high (public disclosure of breach, potential misuse of sensitive data)
Identity Theft Risk: high (SSNs and medical data exposed)

Data Compromised: Names, Social security numbers, Medical information, 5.7 TB of sensitive data (including executive office files, criminal investigations, financial crimes, Medicaid fraud, child predator section, environmental crimes, retail theft, special operations, bureau of narcotics, Word templates, Cellebrite software data)
Systems Affected: website, email systems, phone systems
Downtime: 3 weeks (approximately)
Operational Impact: disruption of public-facing services (website, email, phone); potential compromise of law enforcement and investigative data
Brand Reputation Impact: potential loss of public trust in OAG's cybersecurity posture; media coverage of breach and FBI access claims
Identity Theft Risk: high (due to exposure of SSNs and medical data)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Unknown (under investigation; files encrypted), Personally Identifiable Information (PII), Protected Health Information (PHI), Personal Information, Social Security Numbers, Investigative Files, Law Enforcement Software Data (Cellebrite), Law Enforcement Investigative Data, Medical Records, Financial Crimes Data, Internal Documents (Word Templates) and Forensic Software Data (Cellebrite).

Entity Name: Pennsylvania Office of Attorney General (OAG)
Entity Type: government agency
Industry: law enforcement
Location: Pennsylvania, USA
Size: ~1,200 employees across 17 offices

Entity Name: Pennsylvania Office of Attorney General (OAG)
Entity Type: government agency (statewide law enforcement)
Industry: public sector / legal
Location: Pennsylvania, USA
Size: ~1,200 staff across 17 locations

Entity Name: Pennsylvania Attorney General’s Office
Entity Type: Government Agency
Industry: Legal/Law Enforcement
Location: Pennsylvania, USA
Size: 1,200 staff members

Entity Name: Pennsylvania Office of Attorney General
Entity Type: Government Agency
Industry: Legal/Law Enforcement
Location: Pennsylvania, USA
Size: ~1,200 employees (17 offices statewide)
Customers Affected: Limited individuals (number unspecified)

Entity Name: Pennsylvania Attorney General's Office
Entity Type: Government Agency
Industry: Legal / Public Sector
Location: Pennsylvania, USA
Customers Affected: Unknown (individuals with personal information exposed)

Entity Name: Pennsylvania Attorney General's Office
Entity Type: Government Agency
Industry: Public Administration / Law Enforcement
Location: Pennsylvania, USA
Customers Affected: Residents of Pennsylvania (exact number unspecified)

Entity Name: Pennsylvania Office of the Attorney General (OAG)
Entity Type: government agency
Industry: law enforcement / legal
Location: Pennsylvania, USA

Entity Name: Pennsylvania Office of the Attorney General (OAG)
Entity Type: government agency (law enforcement)
Industry: public administration / legal services
Location: Harrisburg, Pennsylvania, USA

Incident Response Plan Activated: True
Containment Measures: isolating affected systems; restoring services incrementally
Remediation Measures: working with other agencies to prevent recurrence
Recovery Measures: restoring email access; bringing website and phone lines back online
Communication Strategy: regular public updates; notifications to individuals if necessary

Incident Response Plan Activated: True
Third Party Assistance: unnamed partner agencies (investigation)
Remediation Measures: restoration of email access; resumption of public website and phone lines; alternative workflows for disrupted internal processes
Recovery Measures: progress toward full operational recovery; transparency updates to the public
Communication Strategy: public updates via Attorney General Dave Sunday; social media announcements (Twitter/X)

Incident Response Plan Activated: True
Third Party Assistance: Collaboration with other agencies (unspecified)
Remediation Measures: Restoration of phone lines, website, and email access; Use of alternate channels for staff operations
Recovery Measures: Ongoing efforts to restore full operations
Communication Strategy: Public statements and future notifications if nonpublic data is found compromised

Incident Response Plan Activated: True
Third Party Assistance: Partner agencies (unspecified)
Remediation Measures: Alternate work channels/methods for staff; File restoration efforts (status unclear)
Communication Strategy: Press releases (Aug. 29, follow-up on disclosure date); Notifications to affected individuals

Incident Response Plan Activated: True
Third Party Assistance: Cybersecurity specialists involved in investigation
Law Enforcement Notified: FBI notified on 2023-11-14
Communication Strategy: Public statement and direct notifications to potential victims on 2023-11-14; advisory on protective measures provided

Incident Response Plan Activated: Yes (implied by notification and identity protection services)
Remediation Measures: Identity protection services offered to affected individuals
Communication Strategy: Public advisory and notification to affected individuals via email/mail (exact method unspecified)

Incident Response Plan Activated: yes (investigation conducted)
Recovery Measures: restoration of website, email, and phone services after ~3 weeks
Communication Strategy: public disclosure via data incident notice

Incident Response Plan Activated: True
Remediation Measures: setup of toll-free call center for affected individuals (1-833-353-8060)
Recovery Measures: restoration of website, email, and phone systems after ~3 weeks
Communication Strategy: public media notice; toll-free call center for support
Incident Response Plan: The company's incident response plan is described as Yes (implied by notification and identity protection services).
Third-Party Assistance: The company involves third-party assistance in incident response through unnamed partner agencies (investigation), Collaboration with other agencies (unspecified), Partner agencies (unspecified), Cybersecurity specialists involved in investigation.

Data Exfiltration: unconfirmed (under investigation)
Data Encryption: True

Data Encryption: True

Type of Data Compromised: Unknown (under investigation; files encrypted)
Data Encryption: True
Personally Identifiable Information: Possible (limited notifications sent)

Type of Data Compromised: Personally identifiable information (PII), Protected health information (PHI)
Number of Records Exposed: Unknown
Sensitivity of Data: High (includes SSNs and medical records)
Data Exfiltration: Likely (data was 'accessed without authorization' and confirmed in leak)
Personally Identifiable Information: names, social security numbers, medical information

Type of Data Compromised: Personal information, Social security numbers
Sensitivity of Data: High (includes SSNs)
Data Exfiltration: Unconfirmed (no evidence of misuse reported)
Personally Identifiable Information: Yes (social security numbers)

Type of Data Compromised: Personally identifiable information (PII), Investigative files, Law enforcement software data (Cellebrite)
Sensitivity of Data: high (SSNs, medical records, law enforcement investigative data)
Data Exfiltration: yes (5.7 TB claimed by threat actor)
Data Encryption: yes (file-encrypting malware deployed)
Personally Identifiable Information: yes (names, Social Security numbers, medical information)

Type of Data Compromised: Personally identifiable information (PII), Law enforcement investigative data, Medical records, Financial crimes data, Internal documents (Word templates), Forensic software data (Cellebrite)
Sensitivity of Data: high (includes SSNs, medical info, and law enforcement data)
Data Encryption: likely (ransomware attack implies encryption); exfiltration confirmed
File Types Exposed: documents, investigative files, databases, forensic software data
Personally Identifiable Information: names, Social Security numbers, medical information
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: working with other agencies to prevent recurrence; restoration of email access; resumption of public website and phone lines; alternative workflows for disrupted internal processes; restoration of phone lines, website, and email access; use of alternate channels for staff operations; alternate work channels/methods for staff; file restoration efforts (status unclear); identity protection services offered to affected individuals; setup of toll-free call center for affected individuals (1-833-353-8060).
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by isolating affected systems and restoring services incrementally.

Ransom Demanded: True
Data Encryption: True
Data Exfiltration: unconfirmed (under investigation)

Ransom Paid: No

Ransom Demanded: Undisclosed amount
Data Encryption: True

Ransom Paid: no
Data Encryption: yes
Data Exfiltration: yes (5.7 TB claimed)

Ransomware Strain: Inc Ransom (group name; specific strain unnamed)
Data Encryption: True
Data Exfiltration: True
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through restoring email access; bringing website and phone lines back online; progress toward full operational recovery; transparency updates to the public; ongoing efforts to restore full operations; restoration of website, email, and phone services after ~3 weeks; restoration of website, email, and phone systems after ~3 weeks.

Recommendations: Working to help other agencies avoid similar scenarios

Recommendations: Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts); Request free credit reports annually from www.annualcreditreport.com or via 1-877-322-8228; Follow FTC guidelines for identity theft protection (available at ftc.gov/idtheft); Report fraudulent activity or identity theft to law enforcement promptly.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Working to help other agencies avoid similar scenarios.

Source: Infosecurity Magazine

Source: Pennsylvania OAG Public Update (August 29, 2023)

Source: PA Attorney General Dave Sunday (Twitter/X)
Date Accessed: 2025-08-29

Source: CyberInsider

Source: Public statement by Pennsylvania Attorney General’s Office

Source: Tribune News Service (TNS)

Source: Pennsylvania Office of Attorney General Press Release (Aug. 29, 2024)

Source: Pennsylvania Attorney General's Office Statement

Source: FTC Identity Theft Protection Guidelines

Source: Annual Credit Report Request Service

Source: Pennsylvania Attorney General's Office Public Advisory

Source: Pennsylvania OAG Data Incident Notice

Source: Kevin Beaumont's report on CitrixBleed2 exploitation
Date Accessed: 2023-09

Source: Inc Ransom group's claim on dark web
Date Accessed: 2023-09-21

Source: SecurityAffairs
URL: https://securityaffairs.com/154546/data-breach/pennsylvania-oag-data-breach.html
Date Accessed: 2025-11-18

Source: Inc Ransom group (dark web leak site)
Date Accessed: 2025-09-21

Source: Kevin Beaumont (cybersecurity researcher)
Date Accessed: 2025-09
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Infosecurity Magazine; Pennsylvania OAG Public Update (August 29, 2023); PA Attorney General Dave Sunday (Twitter/X), https://t.co/5ILLCNE5YC (accessed 2025-08-29); CyberInsider; Public statement by Pennsylvania Attorney General’s Office; Tribune News Service (TNS); Pennsylvania Office of Attorney General Press Release (Aug. 29, 2024); Pennsylvania Attorney General's Office Statement; FTC Identity Theft Protection Guidelines, https://www.ftc.gov/idtheft; Annual Credit Report Request Service, https://www.annualcreditreport.com; Pennsylvania Attorney General's Office Public Advisory; Pennsylvania OAG Data Incident Notice; Kevin Beaumont's report on CitrixBleed2 exploitation (accessed 2023-09); Inc Ransom group's claim on dark web (accessed 2023-09-21); SecurityAffairs, https://securityaffairs.com/154546/data-breach/pennsylvania-oag-data-breach.html (accessed 2025-11-18); Inc Ransom group (dark web leak site) (accessed 2025-09-21); Kevin Beaumont (cybersecurity researcher) (accessed 2025-09).

Investigation Status: ongoing (active investigation with other agencies)

Investigation Status: ongoing (criminal investigation with partner agencies)

Investigation Status: Ongoing (collaboration with other agencies)

Investigation Status: Active (ongoing; details limited due to sensitivity)

Investigation Status: Ongoing (FBI investigating; no evidence of data misuse as of disclosure)

Investigation Status: Ongoing (no evidence of misuse reported as of disclosure)

Investigation Status: ongoing (potential access confirmed, but no evidence of misuse)

Investigation Status: ongoing (as of November 2025; no evidence of data misuse found)
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Regular Public Updates, Notifications To Individuals If Necessary, Public Updates Via Attorney General Dave Sunday, Social Media Announcements (Twitter/X), Public statements and future notifications if nonpublic data is found compromised, Press Releases (Aug. 29, Follow-Up On Disclosure Date), Notifications To Affected Individuals, Public statement and direct notifications to potential victims on 2023-11-14; advisory on protective measures provided, Public advisory and notification to affected individuals via email/mail (exact method unspecified), public disclosure via data incident notice, Public Media Notice and Toll-Free Call Center For Support.

Stakeholder Advisories: Regular Public Updates, Potential Notifications To Individuals If Data Breach Confirmed.

Stakeholder Advisories: Public Updates On Restoration Progress, Court Continuances For Affected Legal Cases.

Stakeholder Advisories: Future updates will include notifications if nonpublic information is compromised

Stakeholder Advisories: Court orders issued for case extensions; limited individual notifications
Customer Advisories: Notifications sent to affected individuals (scope unspecified)

Stakeholder Advisories: Notifications sent to potential victims on 2023-11-14 with protective measures.
Customer Advisories: Public statement issued; victims advised to monitor accounts, request credit reports, and follow FTC identity theft protection steps.

Stakeholder Advisories: Residents advised to check if affected via provided link (URL not specified in text)
Customer Advisories: Affected individuals notified on a Friday (exact date unspecified); identity protection services offered

Customer Advisories: Data incident notice published (2023-09, exact date unclear)

Stakeholder Advisories: Toll-Free Call Center For Affected Individuals.
Customer Advisories: media notice acknowledging breach but no specific guidance beyond call center
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Regular Public Updates, Potential Notifications To Individuals If Data Breach Confirmed, Public Updates On Restoration Progress, Court Continuances For Affected Legal Cases, Future updates will include notifications if nonpublic information is compromised, Court orders issued for case extensions; limited individual notifications, Notifications sent to affected individuals (scope unspecified), Notifications sent to potential victims on 2023-11-14 with protective measures, Public statement issued; victims advised to monitor accounts, request credit reports, and follow FTC identity theft protection steps, Residents advised to check if affected via provided link (URL not specified in text), Affected individuals notified on a Friday (exact date unspecified); identity protection services offered, Data incident notice published (2023-09, exact date unclear), Toll-Free Call Center For Affected Individuals and Media Notice Acknowledging Breach But No Specific Guidance Beyond Call Center.

Entry Point: Citrix NetScaler vulnerability (CitrixBleed2)
High Value Targets: Investigative Unit Files, Cellebrite Software Data
Data Sold on Dark Web: Investigative Unit Files, Cellebrite Software Data

Entry Point: Citrix NetScaler vulnerability (CitrixBleed2)
High Value Targets: Law Enforcement Data, FBI Internal Network (Claimed But Unconfirmed), Medical And Financial Records
Data Sold on Dark Web: Law Enforcement Data, FBI Internal Network (Claimed But Unconfirmed), Medical And Financial Records

Corrective Actions: Collaboration With Other Agencies To Prevent Future Incidents

Root Causes: exploitation of unpatched CitrixBleed2 vulnerability in Citrix NetScaler

Root Causes: Unpatched Citrix NetScaler Vulnerability (CitrixBleed2), Potential Lack Of Network Segmentation Or Lateral Movement Controls
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as unnamed partner agencies (investigation), Collaboration with other agencies (unspecified), Partner agencies (unspecified), Cybersecurity specialists involved in investigation.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Collaboration With Other Agencies To Prevent Future Incidents.
Ransom Payment History: The company has Paid ransoms in the past.
Last Ransom Demanded: The amount of the last ransom demanded was True.
Last Attacking Group: The attacking groups in the last incident were unknown, Malicious actor (unknown) and Inc Ransom group.
Most Recent Incident Detected: The most recent incident detected was on 2023-08-01.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-11-18.
Most Significant Data Compromised: The most significant data compromised in an incident were Unknown (investigation ongoing; limited individuals notified); names, social security numbers, medical information; personal information, social security numbers; personal information (names, SSNs, medical records), investigative unit files, Cellebrite software usage details; names, Social Security numbers, medical information, 5.7 TB of sensitive data (including Executive Office files, Criminal Investigations, Financial Crimes, Medicaid Fraud, Child Predator Section, Environmental Crimes, Retail Theft, Special Operations, Bureau of Narcotics, Word Templates, Cellebrite software data).
Most Significant System Affected: The most significant systems affected in an incident were servers, website, email accounts, land phone lines; internal network, public website, email systems, landlines; main phone line, website, email system; website, email, phone services, file encryption; website, email, phones; website, email accounts, phone lines, internal network; website, email systems, phone systems.
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was unnamed partner agencies (investigation), Collaboration with other agencies (unspecified), Partner agencies (unspecified), Cybersecurity specialists involved in investigation.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were isolating affected systems and restoring services incrementally.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were social security numbers, Unknown (investigation ongoing; limited individuals notified), names, medical information, personal information (names, SSNs, medical records), 5.7 TB of sensitive data (including Executive Office files, Criminal Investigations, Financial Crimes, Medicaid Fraud, Child Predator Section, Environmental Crimes, Retail Theft, Special Operations, Bureau of Narcotics, Word Templates, Cellebrite software data), Social Security numbers, personal information, Cellebrite software usage details and investigative unit files.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Undisclosed amount.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Report fraudulent activity or identity theft to law enforcement promptly; Working to help other agencies avoid similar scenarios; Request free credit reports annually from www.annualcreditreport.com or via 1-877-322-8228; Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts); Follow FTC guidelines for identity theft protection (available at ftc.gov/idtheft).
Most Recent Source: The most recent sources of information about an incident are Pennsylvania Office of Attorney General Press Release (Aug. 29, 2024), Kevin Beaumont (cybersecurity researcher), SecurityAffairs, Pennsylvania OAG Data Incident Notice, PA Attorney General Dave Sunday (Twitter/X), Annual Credit Report Request Service, Public statement by Pennsylvania Attorney General’s Office, Tribune News Service (TNS), Infosecurity Magazine, Pennsylvania OAG Public Update (August 29, 2023), CyberInsider, Inc Ransom group's claim on dark web, Pennsylvania Attorney General's Office Statement, FTC Identity Theft Protection Guidelines, Inc Ransom group (dark web leak site), Kevin Beaumont's report on CitrixBleed2 exploitation and Pennsylvania Attorney General's Office Public Advisory.
Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are https://t.co/5ILLCNE5YC, https://www.ftc.gov/idtheft, https://www.annualcreditreport.com and https://securityaffairs.com/154546/data-breach/pennsylvania-oag-data-breach.html.
Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (active investigation with other agencies).
Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were regular public updates, potential notifications to individuals if data breach confirmed, public updates on restoration progress, court continuances for affected legal cases, Future updates will include notifications if nonpublic information is compromised, Court orders issued for case extensions; limited individual notifications, Notifications sent to potential victims on 2023-11-14 with protective measures, Residents advised to check if affected via provided link (URL not specified in text) and toll-free call center for affected individuals.
Most Recent Customer Advisory: The most recent customer advisories issued were Notifications sent to affected individuals (scope unspecified), Public statement issued; victims advised to monitor accounts, request credit reports, and follow FTC identity theft protection steps, Affected individuals notified on a Friday (exact date unspecified); identity protection services offered, Data incident notice published (2023-09, exact date unclear) and media notice acknowledging breach but no specific guidance beyond call center.
Most Recent Entry Point: The most recent entry point used by an initial access broker was a Citrix NetScaler vulnerability (CitrixBleed2).
Most Significant Root Cause: The most significant root causes identified in post-incident analysis were exploitation of unpatched CitrixBleed2 vulnerability in Citrix NetScaler; unpatched Citrix NetScaler vulnerability (CitrixBleed2); potential lack of network segmentation or lateral movement controls.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was collaboration with other agencies to prevent future incidents.
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.
XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via a crafted body of a POST request.
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.
Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
