The State Bar of Texas has disclosed a data breach after the INC ransomware gang claimed responsibility. The breach occurred between January 28 and February 9, 2025, though it wasn’t discovered until February 12. The attackers accessed sensitive data, including full names, and stole information from the network during this time. However, specific details about the stolen data remain redacted in the public notifications filed with Attorney Generals’ offices.
The organization, which oversees more than 100,000 licensed attorneys, was targeted by the INC ransomware gang, who later claimed the breach. On March 9, 2025, the hackers posted the State Bar of Texas on their dark web extortion page. They also leaked samples of allegedly stolen files, including legal case documents. While the notification did not elaborate on the group’s methods, the attack’s impact has raised serious concerns about the security of sensitive legal information.
In response to the breach, affected individuals were notified and offered free credit and identity theft monitoring services through Experian. The service will remain available until July 31, 2025, with an activation code provided. The State Bar of Texas encouraged recipients to consider additional protective measures, such as activating a credit freeze or placing a fraud alert on their credit files.
This breach marks another example of the growing threat from ransomware gangs targeting high-profile organizations. The attack highlights the risks faced by institutions responsible for maintaining sensitive professional and legal data. The State Bar of Texas is continuing its investigation into the breach and working with authorities to address the impact.
Reference: