Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania Attorney General’s Office

The notorious Inc ransomware group has taken responsibility for an August 2025 data breach at the Pennsylvania Attorney General’s office. According to cybersecurity researchers at Comparitech, the group claims to have stolen a staggering 5.7 TB of data.

To prove their point, the Inc ransomware group posted what it says are sample documents from the office on its data leak site. The findings from Comparitech were shared with Hackread.com.

Inc data leak site lists the Pennsylvania Attorney General (Source: Comparitech)

****The Attack****

The Pennsylvania Attorney General’s office was first hit with the attack on August 11. This type of attack uses malicious software, or malware, to either lock or steal data until a ransom is paid.

The incident disrupted the office’s operations, preventing staff from accessing important files, archived emails, and internal systems. This led to a judge putting a temporary halt to some civil and criminal trials until the middle of September.

The office has not confirmed the group’s claims, but it did make it clear that it refused to pay a ransom. While the full extent of the compromised data is still being investigated, the office has notified a few individuals that their personal information may have been part of the breach.

Attorney General Dave Sunday acknowledged the challenge, stating on August 29, 2025, that “This situation has certainly tested OAG staff and prompted some modifications to our typical routines – however, we are committed to our duty and mission to protect and represent Pennsylvanians, and are confident that mission is being fulfilled.”

****All About Inc****

Inc is a ransomware gang that first appeared in July 2023. It targets various organisations, including those in healthcare, education, and government. The group typically gains access through fake emails designed to trick people into clicking on a bad link, a practice known as spear phishing. They also exploit known weaknesses in software. Once inside a network, their malware not only steals data but also locks down computer systems until a ransom is paid.

Since its launch, Inc has claimed responsibility for 456 attacks and has been confirmed to be behind 126 of them, with 22 specifically targeting government agencies. In July 2025, the group claimed a data breach at Dollar Tree. In June 2025, grocery giant Ahold Delhaize USA confirmed a November 2024 breach following INC Ransomware’s claims.

In March 2024, INC Ransomware targeted NHS Scotland and stole 3TB of patient data. In December 2024, the group attacked two NHS hospitals, stealing a large volume of patient records.

****Threat to Government Agencies****

Rebecca Moody, Head of Data Research at Comparitech, explained that this attack on the Pennsylvania Office of Attorney General marks the 58th confirmed attack on a US government organisation this year, and the 11th in August alone, the highest monthly figure seen in this sector all year.

Moody shared her perspective on why government agencies are a prime target for hackers, highlighting that it’s “1) because of the widespread disruption these attacks can cause and 2) because of the amount of data up for grabs.” The 5.7 TB of data Inc alleges to have stolen is the highest amount of data a gang has reportedly taken from a US government entity this year.

As Moody pointed out, it’s likely we will see a public notification about the data that was impacted in the coming weeks or months, as was the case with the Lorain County Auditor’s Office, which recently notified 18,500 people after an attack in May 2025. This makes the Lorain County breach the second-largest via ransomware on a US government organisation this year so far.