The Pennsylvania Attorney General's Office experienced a data breach in August, where unauthorized actors accessed its systems, causing the website, email, and phone services to go offline. The incident exposed residents' personal information, including Social Security numbers, though there is currently no evidence of misuse. Affected individuals were notified in October, and the office offered identity protection services as a precautionary measure. The breach was detected shortly after a separate statewide 911 outage in July, which was later confirmed to be unrelated attributed to a technical failure rather than a cyberattack. While the breach did not result in confirmed fraud or data exploitation, the exposure of sensitive personally identifiable information (PII) poses significant risks for identity theft and financial fraud. The office has not disclosed the exact number of affected residents or the method of intrusion, but the incident underscores vulnerabilities in government cybersecurity infrastructure.
Source: https://www.cbsnews.com/pittsburgh/news/pa-attorney-generals-office-data-breach-notice/
Pennsylvania Office of Attorney General cybersecurity rating report: https://www.rankiteo.com/company/pennsylvania-office-of-attorney-general
"id": "PEN1592115111625",
"linkid": "pennsylvania-office-of-attorney-general",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Residents of Pennsylvania '
'(exact number unspecified)',
'industry': 'Public Administration / Law Enforcement',
'location': 'Pennsylvania, USA',
'name': "Pennsylvania Attorney General's Office",
'type': 'Government Agency'}],
'customer_advisories': 'Affected individuals notified on a Friday (exact date '
'unspecified); identity protection services offered',
'data_breach': {'data_exfiltration': 'Unconfirmed (no evidence of misuse '
'reported)',
'personally_identifiable_information': 'Yes (social security '
'numbers)',
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['personal information',
'social security numbers']},
'date_detected': '2023-08-09',
'description': "The Pennsylvania Attorney General's Office reported a data "
"breach in August 2023, where residents' personal information, "
'including social security numbers, may have been accessed '
"during a 'cyber incident.' The breach caused the office's "
'website, email, and phones to go offline. While there is no '
'evidence of misuse, affected individuals were notified on a '
'Friday in late 2023 (exact date unspecified) and offered '
'identity protection services. The incident was detected on '
'August 9, shortly after a statewide 911 outage in July '
'(unrelated to the breach).',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive data',
'data_compromised': ['personal information',
'social security numbers'],
'downtime': '2023-08-09 (start date; duration unspecified)',
'identity_theft_risk': 'High (social security numbers accessed)',
'operational_impact': 'Systems offline (website, email, phones)',
'systems_affected': ['website', 'email', 'phones']},
'investigation_status': 'Ongoing (no evidence of misuse reported as of '
'disclosure)',
'references': [{'source': "Pennsylvania Attorney General's Office Public "
'Advisory'}],
'response': {'communication_strategy': 'Public advisory and notification to '
'affected individuals via email/mail '
'(exact method unspecified)',
'incident_response_plan_activated': 'Yes (implied by '
'notification and identity '
'protection services)',
'remediation_measures': 'Identity protection services offered to '
'affected individuals'},
'stakeholder_advisories': 'Residents advised to check if affected via '
'provided link (URL not specified in text)',
'title': "Pennsylvania Attorney General's Office Data Breach",
'type': 'Data Breach'}