HQ/EMEAFind out how we can help your business
The Texas State Bar data breach has raised concerns after the INC ransomware gang claimed responsibility for the attack and leaked samples of allegedly stolen information.
The breach occurred between January 28 and February 9, 2025, but was only discovered on February 12. The State Bar of Texas, the second-largest bar association in the United States with over 100,000 licensed attorneys, has since warned affected members and offered identity protection services.
According to the organisation’s breach notification, the unauthorised actors accessed its network and stole sensitive information, including full names.
Other details about the stolen data from the Texas State Bar remain undisclosed, as public breach notifications filed with Attorney Generals’ offices redacted certain specifics.
While the hacking group behind the attack was not mentioned in the official notice, the INC ransomware gang added the organisation to its dark web extortion page on March 9, 2025, claiming responsibility for the breach.
Following the incident, the ransomware group leaked samples of the stolen data, which reportedly included legal case documents. However, researchers have not been able to verify if the leaked data originated from the Texas State Bar’s network or if it was already publicly available information. Efforts to obtain further clarification from the organisation have gone unanswered.
To mitigate potential risks from the Texas State Bar data breach, affected individuals have been offered free credit and identity theft monitoring services. They have until July 31, 2025, to enrol using the provided activation code. Additionally, individuals are advised to take further precautions, such as activating a credit freeze or placing a fraud alert to prevent unauthorised access.
This breach highlights the ongoing threats posed by ransomware groups targeting professional institutions and legal organisations.
The exposure of sensitive legal documents could have serious implications for those involved, further emphasising the need for robust cybersecurity measures. As investigations continue, affected members are urged to be cautious and take important steps to protect their information.
