Archive for September 22, 2025

Inc ransomware gang claimed cyber attack on PA Attorney General Office

Posted in Commentary with tags on September 22, 2025 by itnerd

Comparitech reported today that the Inc ransomware gang took credit over the weekend for an August 2025 data breach at the Pennsylvania Attorney General’s office.

Rebecca Moody, Head of Data Research at Comparitech, commented:

“This attack on the Pennsylvania Office of Attorney General becomes the 58th confirmed attack on a US government organization this year so far. It’s also the 11th attack noted in August alone, the highest monthly figure on this sector we’ve seen throughout the year. From January to August 2025, confirmed attacks on US government agencies averaged around seven per month.

The attack also highlights why government agencies are a prime target for hackers: 1) because of the widespread disruption these attacks can cause and 2) because of the amount of data up for grabs. In this case, INC claims to have stolen 5.7 TB, which is the highest amount of data a gang has allegedly stolen from a US government entity this year (on average, gangs have stolen 884 GB).

Pennsylvania AG hasn’t yet said what data could be impacted in this breach, but it’s likely we’ll see a notification of some sort in the coming weeks/months. Lorain County Auditor’s Office has just issued a notification to 18,500 people following its attack in May 2025, making this the second-largest breach via ransomware on a US government organization this year so far.”

Ransomware gangs wouldn’t keep doing this if there were no payday, whether from the ransom itself or from selling the swiped data on the dark web. That proves, unfortunately, that crime does pay.

Critical GoAnywhere MFT Vulnerability Could Lead to Command Injection Says SOCRadar

Posted in Commentary with tags on September 22, 2025 by itnerd

Today, SOCRadar researchers published an analysis of a recently revealed flaw in Fortra’s GoAnywhere MFT.

This critical vulnerability in the platform’s License Servlet, tracked as CVE-2025-10035, could open the door to severe exploitation if left unpatched. With a maximum severity score, this issue demands immediate attention from administrators.

While there is no confirmed evidence of exploitation at this time, history suggests that the risk is very real. GoAnywhere MFT was previously exploited through CVE-2023-0669; in those attacks, the Clop ransomware group claimed responsibility for breaching numerous organizations. That earlier flaw triggered a surge in ransomware incidents, making this newly disclosed CVE a prime candidate for future attacks.

The analysis explains exactly what this CVE is, its impact, and the recommended mitigation steps for organizations at risk.

For full details, the analysis can be found at this link: https://socradar.io/cve-2025-10035-goanywhere-mft-flaw-command-injection/

Heathrow And Other European Airports Pwned In Cyberattack

Posted in Commentary with tags on September 22, 2025 by itnerd

Over the weekend, Heathrow was among a number of airports hit by a cyber-attack. You can get details here:

https://www.msn.com/en-gb/travel/news/heathrow-and-major-european-airports-suffer-fourth-day-of-disruption-after-cyber-attack/ar-AA1N2MN7?ocid=BingNewsSerp

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, had this to say:

“More information has come to light: Dublin airports have also been affected, and a ransomware demand was made. This does not mean the motivation could not also have been sabotage, but one motivation is now clear: extortion.

We still need more information to actually understand the true impact and ramification of the attack.

The EU is still investigating the attack while the impact is widespread. We should not expect the EU to determine the source this early. That is because there is still a lack of clarity, since authorities and corporations have confusing messaging. The NCSC is investigating a cyber incident. Collins Aerospace is talking about a cyber-related disruption. We require more transparency before we can make meaningful conclusions as to who is behind this and what their benefits are.

Organizations must ready themselves, as the incident highlights the urgency of protecting organizations and enforcing supply chain security. NIS2 and other regulations are more important than ever.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, follows with this:

“Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds.

It’s why it’s important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready.

Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn’t halt everyone. Above all, communicate clearly and often, prioritize vulnerable passengers, and empower frontline teams to make humane decisions.”

This is brutal for travellers. And unless governments and airport authorities do everything possible to beef up their defences against this sort of thing, the possibility exists that this scenario will repeat itself.

Deal Alert: Samsung Galaxy Tab S11 Is Now On Sale

Posted in Commentary with tags on September 22, 2025 by itnerd

Here’s a limited-time deal during Amazon’s sale: the Samsung Galaxy Tab S11 is now $949.99 (down from $1,200 – $150 off)

Perfect for students, professionals, or creators, the Galaxy Tab S11 combines portability with performance. 

On Amazon

On Samsung website

Stellantis Has Been Hit By A Cyberattack

Posted in Commentary with tags on September 22, 2025 by itnerd

Car maker Stellantis has disclosed that a third-party provider supporting its North American customer service operations suffered unauthorized access. The incident exposed basic contact details but not financial or highly sensitive personal data. Stellantis has activated incident response, notified authorities, and is warning customers of phishing risks.

You can read their press release here: https://media.stellantisnorthamerica.com/newsrelease.do?id=27079&mid=1

Javvad Malik, Lead CISO Advisor at KnowBe4, commented:

“The common thread in most of these recent attacks across various industries is the fact that supply chains are often compromised to gain access to systems. Criminals often target a smaller partner with weaker defenses, with social engineering being a common tactic. This includes convincing emails, messages, or calls, which can be powered by AI and deepfake technology to trick people into sharing access or approving actions they shouldn’t.

The approach to be taken is full human risk management which includes the use of technology and clear training, simple processes, and easy ways for people to ask for help so they can make safer choices in the moment. Incident response must cover more than the technical fix. It includes the need to communicate quickly and clearly with customers and stakeholders about what happened, what it means for them, and exactly what steps they should take.”

Anders Askasen, Director of Product at Radiant Logic, follows with this:

“Cyber incidents tied to third-party providers are unfortunately one of the blind spots that could cause CISOs to be sleepless at night, and it also highlights the importance that identity security doesn’t stop at the enterprise perimeter. Attackers can weaponize leaked and compromised identity data for phishing and social engineering attacks that open the door to larger breaches. The automotive industry has a norm of a sprawling ecosystem of suppliers and contractors, and not having unified visibility and control creates systemic exposure.

Global initiatives such as the EU’s NIS2 Directive put a sharp focus on third-party and supply chain risk, making continuous monitoring of identity security posture a compliance requirement. Meeting this standard demands a data-centric approach that unifies identity intelligence across suppliers and contractors, giving enterprises the observability to detect, contain, and minimize risk. Organizations that apply the same rigor to third-party identities as they do to internal ones will be far better prepared to withstand inevitable attacks.”

This is the second carmaker to get pwned recently, as Jaguar/Land Rover has been down for weeks due to a cyberattack, proving that cyberattacks have far-reaching and expensive consequences.

Sumo Logic brings agentic AI into the enterprise security stack with the launch of Dojo AI on Amazon Web Services

Posted in Commentary with tags on September 22, 2025 by itnerd

Sumo Logic today announced the launch of its new Sumo Logic Dojo AI, powered by Amazon Web Services, Inc. (AWS), a breakthrough in intelligent, agent-powered security operations. Dojo AI was built leveraging Amazon Bedrock and the new Amazon Nova family of models to help enterprises address the growing volume and complexity of cyber threats. It introduces specialized agents that can help automate routine tasks, streamline investigations, and give security teams the freedom and ability to focus on analyzing the highest value security issues facing their organization.

By combining the powerful Amazon Nova foundation models of AWS with Sumo Logic’s cloud‑native Intelligent Operations Platform, the company will accelerate innovation for customers in highly regulated industries, helping them detect threats faster, meet compliance requirements, and optimize performance in real time.

Sumo Logic Intelligent SOC Agents

The initial agents available from the Dojo AI platform include:

  • Mobot (beta) – A unified conversational interface that enables seamless interaction with Dojo AI through natural language multi-turn conversations, empowering users to deploy agents and request insights without the need for complex queries. New and experienced Sumo Logic users can get to the root cause faster with natural language investigation.
  • Query Agent – Translates natural language questions into efficient Sumo Logic queries, streamlining data exploration. The new Query Agent leverages agentic architecture, improving accuracy and outcomes. It’s built on AWS and integrates seamlessly with the new Mobot interface to deliver a more robust experience.
  • Summary Agent – Automatically creates clear, AI-generated summaries of real-time threat insights from Sumo Logic’s market-leading SIEM, adding to Mobot for accelerated investigation context.

Sumo Logic continues to build on its more than decade‑long collaboration with AWS, uniting the secure, scalable cloud infrastructure of AWS with Sumo Logic’s AI‑powered Intelligent Operations Platform. As an AWS Partner with 13 AWS Competencies — including the AWS Generative AI Competency — Sumo Logic delivers proven expertise across industries such as financial services, government, retail, and education, helping joint customers accelerate innovation, strengthen security, and achieve compliance at scale.

Why Dojo AI?

Sumo Logic customers benefit from Dojo AI because they gain:

  • Proven data advantage – The Sumo Logic Platform ingests more than 4.5 exabytes of data every day, so Dojo AI agents ramp faster and act more effectively with a single source of truth for data.
  • Enterprise agentic architecture – Specialized agents collaborate to help drive higher accuracy and efficiency, all implemented on an enterprise-grade AWS foundation.
  • Designed for SOC teams – Dojo AI enhances analyst productivity rather than replacing human expertise, all while maintaining data privacy and security.

Dojo AI Availability

Query Agent and Mobot will be available to all Sumo Logic customers, and Summary Agent will be included at no additional cost for all Cloud SIEM customers. Dojo AI is also available in AWS Marketplace.