Major Cyber Incident Paralyzes Pennsylvania Attorney General’s Office

The Pennsylvania Office of Attorney General (OAG) is experiencing a significant cyber incident that has taken down critical systems for over 24 hours, affecting the agency’s ability to serve the public.

What Systems Are Down

The cyber incident has completely disrupted the OAG’s digital infrastructure, affecting:

  • Website – Completely offline and inaccessible
  • Email systems – All agency email accounts are down
  • Phone lines – Office phone systems are unreachable

The outage is so severe that the press has been provided temporary Outlook email addresses to contact the OAG about the incident.

Timeline and Response

Attorney General Dave Sunday announced the cyber incident on Monday, August 11, 2025, through his official X account. As of Tuesday, August 12, systems remain offline with no clear timeline for restoration.

Sunday expressed frustration with the situation, stating: “This is a frustrating situation, and everyone is doing their very best. I am grateful for the dedication and professionalism of our Information Technology staff who are working around the clock to resolve the matter.”

The office emphasized that staff are continuing their work and collaborating with supervisors to minimize interruptions to their mission of protecting Pennsylvanians.

Potential Security Vulnerabilities

Concerning vulnerabilities had previously been identified in the OAG’s systems. The OAG’s Citrix NetScaler boxes were vulnerable to a critical security flaw known as “CitrixBleed 2” (CVE-2025-5777), which carries a severity score of 9.3.

These vulnerable NetScaler systems were taken offline on July 29 and August 7, just days before the current cyber incident. However, any connection between the vulnerabilities and the current outage remains unconfirmed.

Investigation Ongoing

The OAG is working with law enforcement partners to investigate the cause of the incident and restore systems. While officials have characterized this as a “cyber incident,” they have not specifically confirmed whether it was a cyberattack, ransomware, or other form of malicious activity.
