The Inc ransomware group has claimed responsibility for a significant data breach at the Pennsylvania Attorney General’s office that occurred in August 2025. Cybersecurity researchers from Comparitech report that the group asserts it has exfiltrated approximately 5.7 terabytes of data from the office.
In a demonstration of their claims, the group uploaded what they allege to be sample documents from the Attorney General’s office onto their data leak platform. The details of this incident were presented in a report by Comparitech.
Description of the Attack
The initial breach occurred on August 11, when malicious software was deployed to either lock or exfiltrate sensitive data until a ransom was paid. This attack severely impacted the office’s operations, inhibiting staff access to critical files, archived emails, and internal systems. Consequently, a judge decided to pause several civil and criminal trials until mid-September.
While the Pennsylvania Attorney General’s office has not officially verified the group’s claims, it has publicly refused to negotiate a ransom payment. The full scope of the data breach is still under investigation, but the office has alerted several individuals that their personal information may have been compromised.
Attorney General Dave Sunday acknowledged the operational challenges posed by the breach in a statement made on August 29, 2025. He emphasized the office’s commitment to continue serving and protecting the people of Pennsylvania amid this disruption.
Background on Inc
Inc emerged as a notable ransomware threat in July 2023, targeting a variety of sectors including healthcare, education, and government. Their initial access often involves sophisticated spear phishing techniques, where malicious emails trick recipients into revealing sensitive information or clicking harmful links. The gang also exploits known vulnerabilities in software to infiltrate their targets. Once inside, their malware not only encrypts sensitive data but also renders computer systems inoperable until a ransom is paid.
Since its inception, Inc has claimed responsibility for 456 cyberattacks, with 126 confirmed incidents, including 22 targeting governmental entities. Notable past breaches include significant incidents at Dollar Tree and Ahold Delhaize USA.
Government Agencies as Prime Targets
Rebecca Moody, Head of Data Research at Comparitech, noted that this incident marks the 58th confirmed attack on a U.S. government agency in 2025, with 11 occurring in August alone, representing the highest monthly total of such attacks this year. Moody indicates that government agencies are attractive targets for hackers due to the potential for widespread disruption and the abundance of sensitive data they hold. The 5.7 terabytes claimed by Inc is notably the largest amount reportedly stolen from a U.S. government entity thus far in 2025.
As is often the case following such incidents, a public notification regarding the compromised data is expected in the weeks or months ahead. This follows a pattern seen in previous breaches, such as the recent incident involving the Lorain County Auditor’s Office, which notified 18,500 individuals after a ransomware attack in May 2025. This breach stands as one of the largest ransomware incidents affecting U.S. government organizations this year.
