The Pennsylvania Office of the Attorney General (OAG) has now confirmed that it suffered a data breach following a ransomware attack earlier this year. First disclosed in August, the incident disrupted the agency's website, email, and phone systems for roughly three weeks. Although the OAG acknowledged that ransomware was deployed, it stated that no ransom had been paid.
In September, the Inc Ransom group claimed responsibility, asserting that it had stolen 5.7 TB of data and even gained “access to internal network of FBI.” The attackers allegedly accessed information from multiple investigative units. According to the OAG's data incident notice, certain files containing personal information - including names, Social Security numbers, and medical data - may have been accessed, though the total number of affected individuals remains unknown. Reports suggest that the breach most likely stemmed from exploitation of a Citrix NetScaler vulnerability known as CitrixBleed2.
This incident underscores the critical need for comprehensive, end-to-end infrastructure monitoring at public-sector organizations like this one. Unified platforms, such as NIKSUN's, provide the visibility that is needed when cyber-attacks take place. Organizations must adopt a monitoring foundation of full packet capture (FPC), deep packet inspection (DPI), real-time intrusion detection (IDS), anomaly alerting, and content-based detections to be prepared for any event. Moreover, unifying extended functionality into SIEM, threat intelligence, forensics, SOAR, and other advanced cybersecurity capabilities can help create a consolidated detection-to-response ecosystem that dramatically reduces dwell time, identifies exploitation attempts like CitrixBleed2 early, and prevents breaches of this magnitude in the future.
Read more about this story on our LinkedIn page