Cyber Incident Victim: Virginia Attorney General

The Virginia Attorney General’s office, led by Attorney General Jason Miyares, experienced a disruptive cyberattack in early February 2025 that forced the agency offline. The attack compromised nearly all computer systems, including NetDocs, Outlook, Teams, OAG Fileshare, VPN access, and internet connectivity via the OAG network, according to an email sent to staff by Chief Deputy Attorney General Steven Popps on Wednesday of that week. The outage severely hampered operations at the state’s top prosecutorial agency, which provides legal services to Virginia’s agencies, boards, commissions, colleges, and universities. Virginia State Police and other law enforcement officials immediately launched an investigation into the incident, though no public details about the attack vector or responsible actors were disclosed at the time. Miyares’ office did not respond to initial media requests for comment, leaving the scope and duration of the disruption unclear during the early stages of the incident.

The cyberattack directly impacted attorneys’ ability to perform core functions, as evidenced by the Supreme Court of Virginia and the Court of Appeals of Virginia activating contingency measures for legal filings. Both courts provided access to a paper court filing “basket” system that attorneys had previously designated for such emergencies, indicating the digital systems normally used for filings were rendered inoperable by the attack. As the office responsible for supporting law enforcement coordination statewide and providing critical legal services to government entities, the prolonged system outage risked cascading disruptions across Virginia’s judicial and administrative operations. The forced reliance on manual paper processes highlighted the severity of the technical compromise and underscored the office’s central role in maintaining legal workflows. No restoration timeline or data compromise details were publicly confirmed during the initial reporting period.