Ransomware
Pennsylvania Office of Attorney General INC Ransom Attack
Incident Details
On August 9, 2025, the INC Ransom ransomware group attacked the Pennsylvania Office of the Attorney General, knocking its website, email, and phone lines offline for approximately three weeks. INC Ransom claimed responsibility on September 20, alleging theft of 5.7 TB of files and claiming access to an FBI internal network. Attorney General Dave Sunday confirmed the ransomware attack and refused to pay the ransom. Security researcher Kevin Beaumont identified vulnerable public-facing Citrix NetScaler appliances (CVE-2025-5777, "Citrix Bleed 2") as the likely attack vector. The investigation confirmed that files containing names, Social Security numbers, and medical information were potentially accessed; the number of affected individuals was not disclosed.
Technical Details
- Initial Attack Vector: INC Ransom exploited CVE-2025-5777 (Citrix Bleed 2, critical) in public-facing Citrix NetScaler appliances at the Pennsylvania Attorney General's Office
- Vendor / Product: Citrix NetScaler (VPN/ADC)
- Malware Family: INC Ransom
- CVE / GHSA References: CVE-2025-5777
Timeline
- 2025-08-09 Breach occurred
- 2025-09-05 Publicly disclosed
- 2025-11-01 Customers notified