Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack

Posted on By CWS

The Pennsylvania Workplace of the Legal professional Basic (OAG) has confirmed struggling a knowledge breach after it was focused in a ransomware assault earlier this 12 months.

The assault on the Pennsylvania OAG got here to gentle in August, when the group introduced {that a} cyberattack had disrupted its web site, e mail accounts, and telephone strains. Service outages lasted for roughly three weeks.

The OAG confirmed in late August that it had been focused in a ransomware assault that concerned the deployment of file-encrypting malware, however mentioned no ransom had been paid.

The Inc Ransom group took credit score for the assault on the Pennsylvania OAG on September 21, claiming to have stolen 5.7 TB of knowledge and gaining “entry to inner community of FBI”.

The hackers allegedly obtained info from a variety of investigative models inside the legal professional common’s workplace, in addition to particulars on the group’s use of Cellebrite software program, which authorities companies use to extract and analyze knowledge from cellular gadgets and computer systems. 

In a knowledge incident discover printed on Friday, the Pennsylvania OAG mentioned its investigation confirmed potential entry to sure recordsdata, together with ones storing private info equivalent to names, Social Safety numbers, and medical info.

It’s unclear what number of people are impacted by the information breach.

“We’ve no proof of the misuse, or tried misuse, of any doubtlessly concerned info,” the discover reads. Commercial. Scroll to proceed studying.

Whereas this can be technically correct based mostly on the corporate’s restricted scope of inner proof, from a cybersecurity standpoint, all these statements are unconvincing, contemplating that ransomware teams sometimes publish stolen knowledge or share it privately in closed cybercriminal circles. 

The Pennsylvania OAG has not shared any technical info on the assault, however cybersecurity researcher Kevin Beaumont reported in September that the group was possible penetrated through the exploitation of a Citrix Netscaler vulnerability dubbed CitrixBleed2.

Associated: Logitech Confirms Information Breach Following Designation as Oracle Hack Sufferer

Associated: Princeton College Information Breach Impacts Alumni, College students, Workers

Associated: Information Stolen in Eurofiber France Hack

Associated:  DoorDash Says Private Info Stolen in Information Breach

Security Week News Tags:, , , , , , ,

Related Posts

Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks Security Week News
Andrei Tarasov: Inside the Journey of a Russian Hacker on the FBI’s Most Wanted List Security Week News
Red Hat Confirms GitLab Instance Hack, Data Theft Security Week News
Hacker Conversations: Alex Hall, One-time Fraudster Security Week News
Adobe Patches Big Batch of Critical-Severity Software Flaws Security Week News
GitHub Boosting Security in Response to NPM Supply Chain Attacks  Security Week News