Pennsylvania Attorney General's Office

The Pennsylvania Attorney General's Office experienced a data breach where unauthorized access led to the exposure of individuals' personal information, including names, Social Security numbers, and medical records. The breach was discovered on **August 9**, and an investigation confirmed the leak of sensitive data. While there is no evidence of misuse, the potential compromise of highly confidential information—such as medical records and SSNs—poses severe risks, including identity theft, financial fraud, and long-term reputational harm. Victims were notified on **November 14**, and the FBI was involved in the investigation. The breach underscores critical vulnerabilities in safeguarding personally identifiable information (PII) and health data, which could have cascading legal, operational, and trust-related consequences for the office and affected individuals.

Source: https://local21news.com/news/local/attorney-general-gives-statement-after-data-breach-leaks-social-security-medical-records

Pennsylvania Office of Attorney General cybersecurity rating report: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general

"id": "PEN1002110111525",
"linkid": "pennsylvania-office-of-attorney-general",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown (individuals with '
                                              'personal information exposed)',
                        'industry': 'Legal / Public Sector',
                        'location': 'Pennsylvania, USA',
                        'name': "Pennsylvania Attorney General's Office",
                        'type': 'Government Agency'}],
 'customer_advisories': 'Public statement issued; victims advised to monitor '
                        'accounts, request credit reports, and follow FTC '
                        'identity theft protection steps.',
 'data_breach': {'data_exfiltration': "Likely (data was 'accessed without "
                                      "authorization' and confirmed in leak)",
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'social security '
                                                         'numbers',
                                                         'medical information'],
                 'sensitivity_of_data': 'High (includes SSNs and medical '
                                        'records)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'protected health information '
                                              '(PHI)']},
 'date_detected': '2023-08-09',
 'date_publicly_disclosed': '2023-11-14',
 'description': "The Pennsylvania Attorney General's Office disclosed a data "
                "breach that leaked an unknown number of individuals' personal "
                'information, including social security numbers and medical '
                'records. Officials became aware of the unauthorized access on '
                'August 9. An investigation confirmed the leak, and '
                'notifications were sent to potential victims on November 14. '
                'The FBI is investigating the incident, though there is no '
                'evidence of data misuse.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive personal data',
            'data_compromised': ['names',
                                 'social security numbers',
                                 'medical information'],
            'identity_theft_risk': 'High (social security numbers and medical '
                                   'records exposed)'},
 'investigation_status': 'Ongoing (FBI investigating; no evidence of data '
                         'misuse as of disclosure)',
 'recommendations': ['Monitor financial accounts for suspicious activity '
                     '(e.g., unauthorized transactions, new accounts).',
                     'Request free credit reports annually from '
                     'www.annualcreditreport.com or via 1-877-322-8228.',
                     'Follow FTC guidelines for identity theft protection '
                     '(available at ftc.gov/idtheft).',
                     'Report fraudulent activity or identity theft to law '
                     'enforcement promptly.'],
 'references': [{'source': "Pennsylvania Attorney General's Office Statement"},
                {'source': 'FTC Identity Theft Protection Guidelines',
                 'url': 'https://www.ftc.gov/idtheft'},
                {'source': 'Annual Credit Report Request Service',
                 'url': 'https://www.annualcreditreport.com'}],
 'response': {'communication_strategy': 'Public statement and direct '
                                        'notifications to potential victims on '
                                        '2023-11-14; advisory on protective '
                                        'measures provided',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': 'FBI notified on 2023-11-14',
              'third_party_assistance': 'Cybersecurity specialists involved in '
                                        'investigation'},
 'stakeholder_advisories': 'Notifications sent to potential victims on '
                           '2023-11-14 with protective measures.',
 'title': "Data Breach at Pennsylvania Attorney General's Office",
 'type': 'Data Breach'}