Recently, the New York City Bar Association reported a distressing cyber incident that compromised the data of over 27,000 members and employees. The breach, which took place almost a year ago, from December 2 to December 24, 2022, came to light following an investigation completed on October 18. This voluntary association, established in 1870, encompasses lawyers and law students, boasting a membership exceeding 23,000 individuals.
Although the association remained silent on whether the breach was a result of a ransomware attack, it acknowledged that its IT team promptly took networks offline upon discovering the threat. However, the delayed notification to members regarding the breach—almost a year after the incident—raised questions and concerns. The compromised information included names, financial account numbers, credit or debit card details, and security codes or PINs. As a proactive step, the association plans to send letters to affected individuals and is offering 12 months of free credit monitoring and identity theft protection services along with a $1,000,000 insurance reimbursement policy.
Bar associations have increasingly become targets for cybercriminals. The German Federal Bar Association (BRAK) encountered a ransomware attack by the NoEscape group in August, while the Clop ransomware gang, notorious for data theft, claimed responsibility for infiltrating the systems of the New York City Bar Association earlier in January. This group has garnered attention for targeting various organizations worldwide and conducting multiple data theft campaigns.