Cyberattack hit Pennsylvania Attorney General’s office, personal data potentially accessed

The Pennsylvania Attorney General’s Office warned residents that a cyberattack over the summer exposed personal information and briefly disrupted the agency’s systems. The incident surfaced in August, when an outside actor encrypted files on the office’s servers and demanded a ransom, forcing the website, email, and phone lines offline.

The agency, which serves as the commonwealth’s chief law enforcement office, determined that files potentially accessed without authorization contained names, Social Security numbers, and medical information. The office stated that it had found no evidence that any of the compromised data had been misused.

Investigators identified the breach on August 9, roughly two weeks after a separate statewide 911 outage that affected emergency calls on July 12. During that interruption, Pennsylvanians who attempted to contact 911 experienced intermittent failures. The Pennsylvania Emergency Management Agency, which oversees the state’s emergency communications systems, later identified a technical malfunction as the cause, not a cyberattack. During the July outage, emergency officials activated alert systems, urged residents to follow local backup plans, and advised the public to keep county non-emergency numbers saved as a precaution.

The Attorney General’s Office notified affected individuals by email on Friday and offered complimentary identity protection services. The agency also implemented additional safeguards to reduce the risk of similar security incidents. The FBI began investigating the cyberattack after the breach was detected.