
The Pennsylvania Attorney General is the chief law enforcement officer in the Commonwealth, but the office also does extensive work in consumer protection and provides resources for a variety of issues. The office maintains the highest standards of ethics to protect life, property, and constitutional and consumer rights, so as to ensure safety and freedom for those living in and visiting the Commonwealth. We collaborate with partner agencies and groups to enforce the law and defend the interests of the Commonwealth and its diverse citizens. As a workplace, we pride ourselves on providing a fair, diverse and encouraging atmosphere with many avenues for growth and development and offices all over the state. Through our benefits and schedules, we want employees to know that we value their free time so they can come to work excited and motivated to help the public we serve.

Values
  • Integrity – We conduct ourselves with uncompromised honesty, honor, and ethics.
  • Human Dignity – We recognize the value, circumstances, and rights of all, including those charged under the law.
  • Justice – We will be unbiased and impartial in pursuit of accountability for those who breach state and federal laws to harm others.
  • Professionalism – We are accountable to the constituents we serve, and to each other, to act in the best interests of Pennsylvanians and will always aim for improvement and advancement.
  • Leadership – We demand ethical leadership from our team members while maintaining relationships with partner organizations who can entrust us to set and achieve a standard of excellence.

Pennsylvania Office of Attorney General A.I CyberSecurity Scoring

POAG

Company Details

LinkedIn ID: pennsylvania-office-of-attorney-general
Employees number: 802
Number of followers: 6,864
NAICS: 92212
Industry Type: Law Enforcement
Homepage: attorneygeneral.gov
IP Addresses: Scan still pending
Company ID: PEN_2009747
Scan Status: In-progress

POAG Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums
POAG Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Pennsylvania Office of Attorney General

Current Score: 100, C (Critical)
Scale: 0 to 1000
8 incidents
-120.2 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
100
NOVEMBER 2025
100
Ransomware
18 Nov 2025 • Pennsylvania Office of the Attorney General (OAG)
Pennsylvania Office of the Attorney General Ransomware Attack and Data Breach

The Pennsylvania OAG suffered a **ransomware attack** by the **Inc Ransom group**, leading to a **data breach** where **5.7 TB of sensitive data** was allegedly stolen, including **personal information (names, Social Security numbers, medical records)** from investigative units and Cellebrite software usage details. The attack disrupted **websites, emails, and phone lines for three weeks**, though no ransom was paid. The breach involved exploitation of the **CitrixBleed2 vulnerability (Citrix Netscaler)**, granting hackers access to internal networks. While the OAG claims **no evidence of misuse**, ransomware groups typically leak or sell stolen data in cybercriminal circles. The full scope of affected individuals remains unclear, but the breach exposed highly sensitive government and citizen data, posing risks of identity theft, fraud, and operational disruptions.

100
critical Already minimum
PEN2492824111825
ransomware data breach
Exploitation of CitrixBleed2 vulnerability in Citrix Netscaler
CitrixBleed2 (CVE unknown, related to Citrix Netscaler)
financial gain data theft disruption
personal information (names, SSNs, medical records) investigative unit files Cellebrite software usage details website email accounts phone lines internal network Downtime: 3 weeks Operational Impact: severe disruption to services (website, email, phone lines) Brand Reputation Impact: high (public disclosure of breach, potential misuse of sensitive data) Identity Theft Risk: high (SSNs and medical data exposed)
Incident Response Plan Activated: yes (investigation conducted) Recovery Measures: restoration of website, email, and phone services after ~3 weeks Communication Strategy: public disclosure via data incident notice
personal identifiable information (PII) investigative files law enforcement software data (Cellebrite) Sensitivity Of Data: high (SSNs, medical records, law enforcement investigative data) Data Exfiltration: yes (5.7 TB claimed by threat actor) Data Encryption: yes (file-encrypting malware deployed) Personally Identifiable Information: yes (names, Social Security numbers, medical information)
ongoing (potential access confirmed, but no evidence of misuse)
Data incident notice published (2023-09, exact date unclear)
Entry Point: Citrix Netscaler vulnerability (CitrixBleed2) investigative unit files Cellebrite software data Data Sold On Dark Web: claimed by Inc Ransom group (5.7 TB)
Root Causes: exploitation of unpatched CitrixBleed2 vulnerability in Citrix Netscaler
OCTOBER 2025
100
SEPTEMBER 2025
100
AUGUST 2025
166
Ransomware
11 Aug 2025 • Pennsylvania Office of Attorney General (OAG)
Ransomware Attack on Pennsylvania Office of Attorney General (OAG)

The Pennsylvania Office of Attorney General (OAG) suffered a **ransomware attack** on **August 11, 2025**, where threat actors encrypted critical files to extort the agency. The attack disrupted **internal networks, public websites, email systems, and landlines**, causing **two weeks of operational outages**. While no ransom was paid, the incident forced procedural delays in **civil and criminal court cases**, though no prosecutions or investigations were permanently compromised. Staff temporarily relied on alternative workflows, with **email and phone services restored gradually**. The OAG, a **statewide law enforcement agency with ~1,200 employees**, maintained core functions (e.g., court appearances, public safety operations) despite the disruption. No data leaks were reported, and no ransomware group claimed responsibility. The attack’s **infection vector and strain remain undisclosed**, but recovery efforts prioritized **containment and operational continuity** without yielding to extortion demands.

100
high -66
PEN453090325
ransomware
extortion
internal network public website email systems landlines Downtime: > 2 weeks (from 2025-08-11) temporary communication outages disrupted legal operations (court continuances for civil/criminal cases) alternative workflows for internal processes
Third Party Assistance: unnamed partner agencies (investigation) restoration of email access resumption of public website and phone lines alternative workflows for disrupted internal processes progress toward full operational recovery transparency updates to the public public updates via Attorney General Dave Sunday social media announcements (Twitter/X)
ongoing (criminal investigation with partner agencies)
public updates on restoration progress court continuances for affected legal cases
AUGUST 2025
234
Breach
09 Aug 2025 • Pennsylvania Attorney General's Office
Data Breach at Pennsylvania Attorney General's Office

The Pennsylvania Attorney General's Office experienced a data breach where unauthorized access led to the exposure of individuals' personal information, including names, Social Security numbers, and medical records. The breach was discovered on **August 9**, and an investigation confirmed the leak of sensitive data. While there is no evidence of misuse, the potential compromise of highly confidential information—such as medical records and SSNs—poses severe risks, including identity theft, financial fraud, and long-term reputational harm. Victims were notified on **November 14**, and the FBI was involved in the investigation. The breach underscores critical vulnerabilities in safeguarding personally identifiable information (PII) and health data, which could have cascading legal, operational, and trust-related consequences for the office and affected individuals.

166
critical -68
PEN1002110111525
Data Breach
names social security numbers medical information Brand Reputation Impact: Potential reputational harm due to exposure of sensitive personal data Identity Theft Risk: High (social security numbers and medical records exposed)
Third Party Assistance: Cybersecurity specialists involved in investigation Law Enforcement Notified: FBI notified on 2023-11-14 Communication Strategy: Public statement and direct notifications to potential victims on 2023-11-14; advisory on protective measures provided
personally identifiable information (PII) protected health information (PHI) Number Of Records Exposed: Unknown Sensitivity Of Data: High (includes SSNs and medical records) Data Exfiltration: Likely (data was 'accessed without authorization' and confirmed in leak) names social security numbers medical information
Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts). Request free credit reports annually from www.annualcreditreport.com or via 1-877-322-8228. Follow FTC guidelines for identity theft protection (available at ftc.gov/idtheft). Report fraudulent activity or identity theft to law enforcement promptly.
Ongoing (FBI investigating; no evidence of data misuse as of disclosure)
Public statement issued; victims advised to monitor accounts, request credit reports, and follow FTC identity theft protection steps.
Notifications sent to potential victims on 2023-11-14 with protective measures.
AUGUST 2025
472
Cyber Attack
01 Aug 2025 • Pennsylvania Attorney General’s Office
Cyberattack on Pennsylvania Attorney General’s Office

The Pennsylvania Attorney General’s Office was targeted in a cyberattack in early August, causing a temporary disruption to its operations. While the attack led to interruptions—including delays in court proceedings, reliance on alternate communication channels, and limited access to systems—most of the 1,200 staff members have since resumed daily duties. The office’s main phone line, website, and email services were restored, though full functionality remains under recovery. No ransom was paid, and the attackers remain unidentified. The investigation is ongoing, with potential notifications to individuals if nonpublic data was compromised. The incident aligns with a broader trend of rising cyber threats against government agencies, though no evidence suggests lasting harm to criminal prosecutions, civil proceedings, or investigations. The attack underscores vulnerabilities in public sector cybersecurity, prompting collaborative efforts to prevent similar breaches in other agencies.

231
high -241
PEN509090325
Cyberattack
Main phone line Website Email system Downtime: Temporary interruption (duration unspecified) Operational Impact: Staff used alternate channels; some court cases received time extensions
Third Party Assistance: Collaboration with other agencies (unspecified) Restoration of phone lines, website, and email access Use of alternate channels for staff operations Recovery Measures: Ongoing efforts to restore full operations Communication Strategy: Public statements and future notifications if nonpublic data is found compromised
Working to help other agencies avoid similar scenarios
Ongoing (collaboration with other agencies)
Future updates will include notifications if nonpublic information is compromised
Ransomware
01 Aug 2025 • Pennsylvania’s Office of Attorney General (OAG)
Ransomware Attack on Pennsylvania’s Office of Attorney General (OAG)

The Pennsylvania Office of Attorney General (OAG) suffered a **ransomware attack** in August, disrupting critical operations. The attack encrypted OAG servers, forcing systems offline, including the agency’s website, email accounts, and landline phones. While no ransom was paid, the incident caused **delays in civil and criminal court cases**, requiring extensions for ongoing proceedings. Approximately **1,200 employees** across 17 offices were impacted, relying on alternate communication methods during recovery. The OAG, serving as Pennsylvania’s top law enforcement agency, faced operational disruptions in prosecuting criminal cases and enforcing consumer protections. Although most services (email, website, and phone lines) were restored, the investigation remains ongoing to determine if data was stolen. The attack underscored vulnerabilities in government cybersecurity, prompting collaborative efforts with other agencies to prevent future incidents. No evidence yet suggests long-term harm to prosecutions or civil proceedings, but the **operational outage and potential data exposure** pose significant risks to legal processes and public trust.

231
critical -241
PEN812090225
ransomware cyberattack
financial (ransom demand)
servers website email accounts land phone lines Start: 2023-08-01 Duration: ongoing (partial restoration as of 2023-08-29) delays in civil and criminal court cases disruption to email and phone communications alternate work methods for staff Brand Reputation Impact: potential (ongoing investigation and public updates)
isolating affected systems restoring services incrementally working with other agencies to prevent recurrence restoring email access bringing website and phone lines back online regular public updates notifications to individuals if necessary
Data Exfiltration: unconfirmed (under investigation)
ongoing (active investigation with other agencies)
regular public updates potential notifications to individuals if data breach confirmed
collaboration with other agencies to prevent future incidents
JULY 2025
534
Breach
01 Jul 2025 • Pennsylvania Attorney General's Office
Pennsylvania Attorney General's Office Data Breach

The Pennsylvania Attorney General's Office experienced a **data breach** in August, where unauthorized actors accessed its systems, causing the website, email, and phone services to go offline. The incident exposed residents' **personal information, including Social Security numbers**, though there is currently **no evidence of misuse**. Affected individuals were notified in October, and the office offered **identity protection services** as a precautionary measure. The breach was detected shortly after a separate **statewide 911 outage in July**, which was later confirmed to be unrelated—attributed to a **technical failure** rather than a cyberattack. While the breach did not result in confirmed fraud or data exploitation, the exposure of **sensitive personally identifiable information (PII)** poses significant risks for identity theft and financial fraud. The office has not disclosed the exact number of affected residents or the method of intrusion, but the incident underscores vulnerabilities in government cybersecurity infrastructure.

465
critical -69
PEN1592115111625
Data Breach
personal information social security numbers website email phones Downtime: 2023-08-09 (start date; duration unspecified) Operational Impact: Systems offline (website, email, phones) Brand Reputation Impact: Potential reputational harm due to exposure of sensitive data Identity Theft Risk: High (social security numbers accessed)
Incident Response Plan Activated: Yes (implied by notification and identity protection services) Remediation Measures: Identity protection services offered to affected individuals Communication Strategy: Public advisory and notification to affected individuals via email/mail (exact method unspecified)
personal information social security numbers Sensitivity Of Data: High (includes SSNs) Data Exfiltration: Unconfirmed (no evidence of misuse reported) Personally Identifiable Information: Yes (social security numbers)
Ongoing (no evidence of misuse reported as of disclosure)
Affected individuals notified on a Friday (exact date unspecified); identity protection services offered
Residents advised to check if affected via provided link (URL not specified in text)
JUNE 2025
534
MAY 2025
679
Ransomware
01 May 2025 • Pennsylvania Office of the Attorney General
Ransomware Attack on Pennsylvania Office of Attorney General

The Pennsylvania Office of the Attorney General (OAG) suffered a targeted **ransomware attack** on **August 11**, where a malicious actor encrypted critical files in an attempt to extort a ransom payment. The attack disrupted **website, email, and phone systems**, forcing ~1,200 employees across 17 offices to rely on alternate work methods. While the OAG confirmed no ransom was paid, the incident triggered **court-ordered extensions** for criminal and civil cases, though officials claimed no prosecutions or investigations were negatively impacted. The attack’s scope remains partially undisclosed due to an **ongoing investigation**, but the OAG acknowledged that **sensitive personal information** of some individuals may have been compromised. The agency alerted affected parties while working with partner agencies to assess the breach’s full impact. Despite operational disruptions—including potential **data exposure** and **blackmail attempts**—the OAG emphasized its commitment to fulfilling its mission without conceding to hacker demands. The long-term consequences, such as **reputational damage** or **legal liabilities**, remain uncertain as restoration efforts continue.

522
critical -157
PEN2502025091925
Ransomware Attack
Financial extortion (ransomware)
Data Compromised: Unknown (investigation ongoing; limited individuals notified) Website Email Phone services File encryption Downtime: Ongoing as of 2024-08-29 (partial restoration via alternate methods) Operational Impact: Staff (1,200 employees) adapted to alternate work channels; court extensions granted for criminal/civil cases Brand Reputation Impact: Potential reputational harm due to public disclosure of attack and data exposure risks Identity Theft Risk: Possible (limited individuals notified of potential exposure)
Third Party Assistance: Partner agencies (unspecified) Alternate work channels/methods for staff File restoration efforts (status unclear) Press releases (Aug. 29, follow-up on disclosure date) Notifications to affected individuals
Type Of Data Compromised: Unknown (under investigation; files encrypted) Personally Identifiable Information: Possible (limited notifications sent)
Active (ongoing; details limited due to sensitivity)
Notifications sent to affected individuals (scope unspecified)
Court orders issued for case extensions; limited individual notifications
APRIL 2025
679
MARCH 2025
677
FEBRUARY 2025
675
JANUARY 2025
674
JUNE 2023
763
Ransomware
16 Jun 2023 • Pennsylvania Office of the Attorney General (OAG)
Pennsylvania Office of the Attorney General (OAG) confirms data breach after August ransomware attack by Inc Ransom group

The Pennsylvania Office of the Attorney General (OAG) suffered a **ransomware attack** in **August 2025**, attributed to the **Inc Ransom group**, resulting in a confirmed **data breach**. The attack disrupted the OAG’s **website, email, and phone systems for three weeks**, while the threat actors claimed to have stolen **5.7 TB of sensitive data**, including files from critical divisions such as **Criminal Investigations, Medicaid Fraud, Child Predator Section, Bureau of Narcotics, and FBI-related internal network access**. The breach exposed **personal information** of individuals, including **names, Social Security numbers, and medical records**, though the OAG stated there was **no evidence of misuse**. The **Inc Ransom group** publicly took responsibility, asserting they had compromised **highly sensitive law enforcement data**, including **executive office files, investigative bureaus, and templates related to high-profile cases**. The initial access was linked to the exploitation of the **CitrixBleed2 vulnerability (CVE-2023-4966)** in Citrix NetScaler. The OAG established a **toll-free helpline** for affected individuals but did not disclose the full scope of the breach or the number of victims.

635
critical -128
PEN4902049111925
data breach ransomware attack
exploitation of CitrixBleed2 vulnerability (Citrix NetScaler) ransomware deployment
CitrixBleed2 (CVE not explicitly mentioned but inferred as Citrix NetScaler vulnerability)
financial gain (extortion) data theft disruption
names Social Security numbers medical information 5.7 TB of sensitive data (including Executive Office files, Criminal Investigations, Financial Crimes, Medicaid Fraud, Child Predator Section, Environmental Crimes, Retail Theft, Special Operations, Bureau of Narcotics, Word Templates, Cellebrite software data) website email systems phone systems Downtime: 3 weeks (approximately) disruption of public-facing services (website, email, phone) potential compromise of law enforcement and investigative data potential loss of public trust in OAG's cybersecurity posture media coverage of breach and FBI access claims high (due to exposure of SSNs and medical data)
setup of toll-free call center for affected individuals (1-833-353-8060) restoration of website, email, and phone systems after ~3 weeks public media notice toll-free call center for support
personally identifiable information (PII) law enforcement investigative data medical records financial crimes data internal documents (Word Templates) forensic software data (Cellebrite) Sensitivity Of Data: high (includes SSNs, medical info, and law enforcement data) likely (ransomware attack implies encryption) exfiltration confirmed documents investigative files databases forensic software data names Social Security numbers medical information
ongoing (as of November 2025; no evidence of data misuse found)
media notice acknowledging breach but no specific guidance beyond call center
toll-free call center for affected individuals
Entry Point: Citrix NetScaler vulnerability (CitrixBleed2) law enforcement data FBI internal network (claimed but unconfirmed) medical and financial records claimed by Inc Ransom (5.7 TB data leak advertised)
unpatched Citrix NetScaler vulnerability (CitrixBleed2) potential lack of network segmentation or lateral movement controls

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Pennsylvania Office of Attorney General is 100, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 100.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 100.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 100.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 231.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 465.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 534.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 522.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 679.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 677.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 675.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 674.

Over the past 12 months, the average per-incident point impact on Pennsylvania Office of Attorney General’s A.I Rankiteo Cyber Score has been -120.2 points.

You can access Pennsylvania Office of Attorney General’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Pennsylvania Office of Attorney General’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.