Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

The Pennsylvania Office of the Attorney General (“OAG”) confirms a data breach following a ransomware attack by Inc Ransom group. The Pennsylvania Office of the Attorney General (“OAG”) confirmed a data breach following a ransomware attack attributed to Inc Ransom group. However, the organization did not share details about the security breach, either the number […]

Pennsylvania Office of the Attorney General (OAG)

The Pennsylvania Office of the Attorney General (“OAG”) confirms a data breach following a ransomware attack by Inc Ransom group.

The Pennsylvania Office of the Attorney General (“OAG”) confirmed a data breach following a ransomware attack attributed to Inc Ransom group. However, the organization did not share details about the security breach, either the number of affected individuals.

“The OAG later learned that certain files may have been accessed without authorization. The OAG reviewed which data may have been involved and learned that certain personal information was contained in some files. Again, the OAG has no evidence of the misuse, or attempted misuse, of any information that was potentially involved.” reads the media notice published by OAG.

“Based on the OAG’s review of the data involved, for some individuals the information involved may have included name, Social Security number, and/or medical information.”

The attack occurred in August and disrupted its website, email, and phone systems for about three weeks. The extortion group claimed responsibility for the security breach on September 21 and claimed the theft of 5.7 TB of sensitive data.

“Pennsylvania Office of Attorney General is a law enforcement official that protects and serves the agencies of the Commonwealth and citizens of Harrisburg, Pennsylvania.5.7TB data leak, access to internal network of FBI and more…Data includes: Executive Office, Criminal Investigations PC, Financial Crimes, Security, Medicaid Fraud, Bureau of Investigative, Child Predator Section, Environmental Crimes, Retail Theft, Special Operations, Bureau of Narcotics, Word Templates, Celebrite.Contact us using report system and leave your tox for communication in case if you are interested.” reads the message published by the Inc Ransom group on its data leak site.

The Inc Ransom group claimed to have gained “access to internal network of FBI”.

The investigation conducted by OAG confirmed that data involved for some individuals may have included name, Social Security number, and/or medical information.

The Pennsylvania OAG set up a toll-free call center (1-833-353-8060) to assist those affected, available Monday–Friday from 8 a.m. to 8 p.m. ET, excluding U.S. holidays.

In September, cybersecurity researcher Kevin Beaumont reported that attackers had exploited the Citrix NetScaler vulnerability known as CitrixBleed2.

“Pennsylvania Office of Attorney General has been down for several weeks from a ransomware attack.” Beaumont wrote. “They haven’t mentioned it, but I’m told the group got in via CitrixBleed 2.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pennsylvania Office of the Attorney General)