Pennsylvania's Attorney General office confirmed a major data breach following a ransomware attack that disrupted services for three weeks in August. The Inc Ransom group claimed responsibility in September, allegedly stealing 5.7 TB of data including personal information like Social Security numbers and medical records from investigative units.
The hackers also accessed details about the office's use of Cellebrite software, which extracts data from mobile devices. While officials say there's no evidence of data misuse, cybersecurity experts remain skeptical since ransomware groups typically publish or sell stolen information. The attack likely exploited a Citrix Netscaler vulnerability called CitrixBleed2.
Source: Security Week