Hack of Pennsylvania AG Office Raises Concerns, but Attorneys Say the Work Continues
Harrisburg, PA – September 5, 2025 – A ransomware attack that struck the Pennsylvania Office of Attorney General (OAG) nearly a month ago continues to raise concerns about data security and operational disruptions, yet attorneys and staff assert that their critical work in law enforcement and consumer protection is moving forward. The cyberattack, which began on August 11, 2025, crippled the agency’s website, email, and phone systems, forcing significant workarounds for its 1,200 employees across 17 offices. Despite these challenges, Attorney General Dave Sunday insists that the OAG remains committed to its mission of protecting Pennsylvanians.
Details of the Cyberattack
The attack involved an outsider encrypting OAG files in an attempt to extort a ransom payment, which Sunday confirmed was not paid. The incident disrupted email access, knocked the agency’s website offline, and severed phone communications, with the main office line only recently restored. A statement from the OAG on August 29 noted that “substantial progress” has been made in restoring systems, with most staff regaining email access and the website back online. However, the full extent of compromised data remains unclear, fueling concerns about the security of sensitive court files and personal information.
The OAG has not confirmed whether the attack exploited a known vulnerability in Citrix NetScaler, dubbed “Citrix Bleed 2” (CVE-2025-5777), which security expert Kevin Beaumont identified on the agency’s network in July 2025. The Cybersecurity and Infrastructure Security Agency (CISA) flagged this flaw as a significant risk, adding it to its Known Exploited Vulnerabilities list on July 10. While the OAG’s silence on the cause limits speculation, the possibility of such a vulnerability raises questions about the state’s cybersecurity preparedness.
Impact on Operations
The ransomware attack has disrupted operations at the OAG, the state’s top law enforcement agency, which is responsible for prosecuting crimes, defending state laws, and handling consumer complaints. Some staff and prosecutors remain unable to access archived emails, files, or internal systems critical for litigation, leading to court-issued extensions in criminal and civil cases. For instance, Philadelphia Common Pleas Judge Daniel Anders suspended civil trial litigation involving the OAG through September 12 and postponed certain criminal matters through September 21, citing attorneys’ inability to contact witnesses or produce discovery.
Despite these setbacks, Sunday emphasized resilience, stating, “This situation has certainly tested OAG staff and prompted some modifications to our typical routines—however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled.” Attorneys have continued appearing in court, and agents have pursued investigative tasks, including public safety initiatives set for upcoming announcements. The OAG is also receiving complaints and collaborating with local, state, and federal partners through alternate channels.
Concerns and Criticisms
The lack of clarity about compromised data has sparked alarm. Cybersecurity experts worry that sensitive court files, including those related to ongoing prosecutions or consumer protection cases, could be at risk. “The fact that we still don’t know what data was accessed after three weeks is concerning,” said Stefanie Schappert, a senior journalist at Cybernews. The OAG’s limited comments, citing an active investigation involving other agencies, have done little to ease fears.
Posts on X reflect public frustration, with one user stating, “PA AG’s office got hacked, and they’re just saying ‘we’re working on it’? What about the victims’ data?” Critics argue that the state’s failure to patch known vulnerabilities, like Citrix Bleed 2, may have contributed to the breach. The OAG’s efforts to assist other agencies in avoiding similar attacks suggest an acknowledgment of systemic cybersecurity gaps.
Resilience Amid Adversity
Despite the disruptions, Sunday praised the OAG’s staff for their adaptability. “You can judge the character of an organization by how it reacts to adversity,” he said. “I am very proud of our staff who continue to work and find ways to overcome these unexpected hurdles.” The agency’s 1,200 employees have relied on alternate communication methods, such as personal email accounts and temporary phone lines, to maintain operations.
Preliminary investigations suggest that no criminal prosecutions or civil proceedings will be derailed solely due to the attack, though court delays have frustrated some stakeholders. The OAG’s role in handling high-profile cases, from financial fraud to price gouging, underscores the urgency of restoring full functionality.
Looking Ahead
The OAG is working to restore all systems and has promised to notify individuals if the investigation reveals a need for such action. The incident has prompted calls for stronger cybersecurity measures across state agencies, with some lawmakers advocating for increased funding to bolster defenses. As the investigation continues, the OAG faces pressure to provide transparency about the breach’s scope and prevent future vulnerabilities.
For now, Pennsylvania’s top law enforcement agency remains steadfast, with attorneys and staff navigating the fallout of the cyberattack while striving to uphold their mandate. The incident serves as a stark reminder of the growing threat of ransomware and the challenges of securing sensitive government systems in an increasingly digital world.
Sources: PhillyVoice, PennLive, Cybernews, SecurityWeek, BleepingComputer, AttorneyGeneral.gov, FOX43, NatLawReview, Cisoseries, Spotlight PA, posts on X