Cyberattackers leaked data of 27,000 NYC Bar Association members

Jason Macuray
The New York City Bar Association confirmed that the data of more than 27,000 members and employees was leaked during a cyberattack nearly a year ago.

The New York City Bar Association confirmed that the data of more than 27,000 members and employees was leaked during a cyberattack nearly a year ago.

In filings with regulators in Maine and Vermont, the organization said an investigation completed on October 18 confirmed that hackers broke into its systems and had access to internal files from December 2 to December 24, 2022.

Founded in 1870, the organization is a voluntary association of lawyers and law students with more than 23,000 current members.

InJanuary, the Clop ransomware gang claimed to have attacked the organization, threatening to leak 1.8 terabytes of stolen information. Despite acknowledging receipt of emails from Recorded Future News in January, the association never responded to requests for comment or addressed the issue publicly.

The organization again did not respond to requests for comment this week about whether it was a ransomware attack that caused the data leak, but said its IT team took “networks offline to contain the threat.” They also did not address why it took them nearly a year to notify their members.

The organization redacted parts of the letters it is planning to send to victims, only confirming that names were accessed by the hackers. Filings in in Maine, however, say financial account numbers, as well as credit or debit card numbers, were leaked alongside security codes or PINs.

“Upon experiencing the incident, NYC Bar’s internal IT specialists took our networks offline to contain the threat and immediately commenced a prompt and thorough investigation. As part of our investigation, NYC Bar has been working very closely with external cybersecurity professionals experienced in handling these types of incidents,” they said.

“After an extensive forensic investigation and manual document review, NYC Bar discovered on October 18, 2023 that between December 2, 2022 and December 24, 2022, certain impacted files may have been removed from the NYC Bar by an unauthorized individual.”

The organization is providing victims with 12 months of free credit monitoring and identity theft protection services, which include a $1,000,000 insurance reimbursement policy.

Due to the large number of industry-specific members, bar associations have been a frequent target for hackers.

The German Federal Bar (BRAK) Association was attacked by the NoEscape ransomware group in August and confirmed that its systems were infiltrated by hackers in May 2022.

In its posting about the New York City Bar Association, the Clop ransomware gang alleged that it encrypted the organization’s systems — a relative rarity for the group, which has a penchant for data theft.

The group drew headlines this year for its repeated attacks on file transfer products, stealing troves of data from thousands of organizations across the world in two separate campaigns.

NewsPrivacyCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Rebel offensive in Myanmar takes aim at online scam industry

Next Post

North Korean attack on CyberLink impacted devices around the world, Microsoft says

Related Posts

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to
Avatar
Read More