Cyberattackers leaked data of 27,000 members of the New York Bar Association

The New York City Bar Association has confirmed that the data of more than 27,000 members and employees was leaked in a cyberattack nearly a year ago.

In the files filed with regulators in Maine And VermontThe organization said an investigation completed on October 18 confirmed that hackers broke into its systems and gained access to its internal files from December 2 to December 24, 2022.

Founded in 1870, the organization is a voluntary association of lawyers and law students with more than 23,000 current members.

In January, the Clop ransomware gang claims attacked the organization, threatening to release 1.8 terabytes of stolen information. Despite acknowledging receipt of Recorded Future News’ emails in January, the association never responded to requests for comment or addressed the issue publicly.

CL0P #Ransomware The group added the New York City Bar Association (https://t.co/DZmtQ3kW6c), a voluntary association of lawyers and law students, to its list of victims. They claim to have access to over 1.8TB of data.#UNITED STATES #WebDark #deepweb #data breach #CyberRisk pic.twitter.com/p0BDZUrC1t

– FalconFeeds.io (@FalconFeedsio) January 14, 2023

The organization also did not respond to requests for comment this week on whether it was a ransomware attack that caused the data leak, but said its IT team had taken “networks offline to contain the threat “. They also did not explain why it took them almost a year to inform their members.

The organization redacted parts of the letters it plans to send to victims, confirming only that the hackers had access to the names. However, documents filed in Maine indicate that financial account numbers, as well as credit or debit card numbers, were disclosed alongside security codes or PINs.

“After encountering the incident, NYC Bar’s in-house IT specialists took our networks offline to contain the threat and immediately launched a rapid and thorough investigation. As part of our investigation, the NYC Bar worked very closely with external cybersecurity professionals experienced in handling these types of incidents,” they said.

“After an extensive forensic investigation and manual review of documents, the New York Bar discovered on October 18, 2023 that between December 2, 2022 and December 24, 2022, certain affected files may have been removed from the New York Bar York by an unauthorized person.

The organization offers victims 12 months of free credit monitoring and identity theft protection services, which includes a $1,000,000 insurance reimbursement policy.

Due to the large number of members from specific sectors, bar associations are a frequent target for hackers.

German Federal Bar Association (BRAK) was attacked by the NoEscape ransomware group in August and confirmed that its systems were infiltrated by hackers in May 2022.

In its post about the New York City Bar Association, the Clop ransomware gang claimed to have encrypted the organization’s systems – a relative rarity for the group. who has a penchant for data theft.

The group made the headlines this year for his repeated attacks on file transfer productsstealing tons of data from thousands of organizations around the world in two separate campaigns.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.