The New York City Bar hack has leaked the data of its members

The New York City Bar hack compromised and leaked the personal information of over 27,000 of the association’s members and staff.

Established in 1870 as a voluntary association for lawyers and law students, the organisation confirmed that hackers breached its systems, acquiring access to its internal files from December 2 to December 24, last year.

This hack has prompted the association to submit filings to authorities in Maine and Vermont. Moreover, the association disclosed the results of an investigation they completed on October 18.

 

The Clop ransomware gang claimed responsibility for the New York City Bar hack.

 

The notorious Clop ransomware group announced that they were the ones who caused the New York City Bar hack and threatened the association to release 1.8 terabytes of stolen data. However, despite receiving the warning, the association did not respond and refused to release details about the incident.

In addition, the association did not clarify whether the cyberattack involved ransomware but confirmed that they took some of the networks offline to isolate the threat. Reports also claimed that it took the organisation almost a year to notify its members about the data breach, raising questions about the delay.

Unfortunately, the notification letters disseminated by the bar to the affected individuals contained redacted details. Still, filings in Maine confirmed that the hackers accessed financial account numbers, credit or debit card information, and security codes or PINs.

On the other hand, the NYC Bar Association assured victims that it had initiated a thorough investigation with the help of third-party cybersecurity providers. In response to the breach, the organisation offers affected parties 12 months of free credit monitoring and identity theft protection services, including a $1,000,000 insurance reimbursement policy.

Bar associations have become frequent and susceptible targets for cyberattacks. In a similar event, the German Federal Bar (BRAK) Association faced an attack by the NoEscape ransomware group in August, confirming infiltration in May 2022.

The Clop ransomware gang, known for data theft, asserted that it encrypted the NYC Bar Association’s systems, deviating from its usual modus operandi. Therefore, potentially affected individuals should now be cautious with unsolicited communications and be mindful of financial transactions.