Pennsylvania Attorney General's Office hit by cybersecurity incident, shuts down digital infrastructure

The Pennsylvania Attorney General's Office reports a cybersecurity incident on Monday, August 12, 2025, that rendered its entire digital infrastructure offline. 

Attorney General Dave Sunday announced the outage on Twitter, calling it a "cyber incident," which has taken down the office's website, email accounts, and phone lines.

The disruption is preventing citizens from providing tips, accessing resources, or contacting the office through traditional channels. Staff members are continuing their work and are collaborating with supervisors to "minimize any interruptions".

The nature of the attack and any exposed data is not disclosed. The Attorney Genera said in a statement that "In collaboration with our law enforcement partners, we will work diligently to restore systems".

Update - it's possible that the attack exploited the Citrix NetScaler vulnerable to CVE-2025-5777, known as Citrix Bleed 2, and several other related bugs.

As of 21st of September 2025, INC Ransom apparently listed the Pennsylvania Attorney General’s Office to its darkweb leak site. The update showed up on ransomlook[.]io. Attempts to find the actual listing on the dark web leak site failed. At this point, then, it is not clear whether INC Ransom have leaked data or not.

As of 14th of November 2025, The Pennsylvania Attorney General's Office notified potential victims that the breach exposed an unknown number of individuals' personal information including names, Social Security numbers, and medical records. The number of affected individuals is not disclosed.