In August 2025, the **State Attorney General’s Office** detected a **cybersecurity incident** involving unauthorized access to files containing **personal data**, including **names, Social Security numbers, and medical information**. While the investigation found no evidence of misuse or attempted misuse of the compromised data, the breach exposed sensitive information of an undisclosed number of individuals. The office engaged cybersecurity experts, implemented additional security measures, and reported the incident to the **FBI**. Affected individuals were notified in November 2025 and offered **identity protection services**. The breach underscores vulnerabilities in handling **personally identifiable information (PII)**, though no financial fraud, public disclosure, or systemic disruption was confirmed. The office emphasized its commitment to privacy and urged affected parties to monitor financial accounts and credit reports for suspicious activity.
Office of the New York State Attorney General cybersecurity rating report: https://www.rankiteo.com/company/office-of-the-attorney-general-of-the-state-of-new-york
"id": "OFF3532135111525",
"linkid": "office-of-the-attorney-general-of-the-state-of-new-york",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Legal / Public Sector',
                        'name': 'State Attorney General’s Office',
                        'type': 'Government Agency'}],
 'customer_advisories': 'Emailed notices (Nov. 14, 2025) with instructions for credit monitoring and identity protection.',
 'data_breach': {'personally_identifiable_information': ['names',
                                                         'Social Security numbers',
                                                         'medical information'],
                 'sensitivity_of_data': 'High (SSNs, medical records)',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Protected Health Information (PHI)']},
 'date_detected': '2025-08-09',
 'date_publicly_disclosed': '2025-11-14',
 'description': 'A cybersecurity incident detected on Aug. 9, 2025, involved potential unauthorized access to personal information, including names, Social Security numbers, and/or medical information. While no evidence of misuse was found, the office took security measures and offered identity protection services to affected individuals. The incident was reported to the FBI, and notices were emailed to affected parties on Nov. 14, 2025.',
 'impact': {'brand_reputation_impact': 'Potential concern due to exposure of sensitive personal data',
            'data_compromised': ['names',
                                 'Social Security numbers',
                                 'medical information'],
            'identity_theft_risk': 'High (due to exposure of SSNs and medical data)'},
 'investigation_status': 'Ongoing (cooperation with FBI)',
 'post_incident_analysis': {'corrective_actions': 'Security measures implemented to prevent recurrence'},
 'recommendations': ['Monitor financial accounts for suspicious activity (e.g., unauthorized transactions, new accounts).',
                     'Request free annual credit reports from TransUnion, Experian, and Equifax via www.annualcreditreport.com or 1-877-322-8228.',
                     'Follow FTC guidelines to protect against identity theft (www.ftc.gov).',
                     'Contact the Attorney General’s office at 1-833-353-8060 for assistance.'],
 'references': [{'source': 'State Attorney General’s Office Public Advisory'}],
 'regulatory_compliance': {'regulatory_notifications': 'FBI notified; cooperation ongoing'},
 'response': {'communication_strategy': 'Emailed notices sent to affected individuals (Nov. 14, 2025); public advisory issued with protective guidance',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': 'Identity protection services offered to affected individuals',
              'remediation_measures': 'Security measures implemented to prevent future incidents',
              'third_party_assistance': 'Cybersecurity experts engaged'},
 'stakeholder_advisories': 'Public statement issued with protective guidance for affected individuals.',
 'title': 'Data Security Incident at State Attorney General’s Office',
 'type': 'Data Breach / Unauthorized Access'}