The American Bar Association (ABA) has suffered a data breach and the ABA data breach has affected more than 1.4 million members.
As reported by BleepingComputer (American Bar Association data breach hits 1.4 million members, written by Lawrence Abrams and available here), the ABA began notifying members Thursday night that a hacker was detected on its network on March 17th, 2023, and may have gained access to members’ login credentials for a legacy member system decommissioned in 2018.
“On March 17, 2023, the ABA observed unusual activity on its network. The incident response plan was immediately activated response, and cybersecurity experts were retained to assist with the investigation,” warns a notification email sent to impacted members and seen by BleepingComputer.
“The investigation determined that an unauthorized third party gained access to the ABA network beginning on or about March 6, 2023 and may have acquired certain information.”
The ABA stated that 1,466,000 members were affected by the ABA data breach. While it was not a ransomware attack and that no corporate or personal data was stolen, there are some concerns that the threat actors could abuse the credentials.
The American Bar Association says these legacy credentials were hashed and salted, meaning they were converted from plaintext into a more secure format.
However, even with the passwords being hashed and salted, it is still possible for threat actors to dehash the passwords over time.
To make matters worse, the ABA says that “in many instances” the password may have been a default password assigned by the ABA when the account was registered if it was not later changed.
Not surprisingly, the ABA recommends that members change their passwords on the site and any other sites utilizing the same credentials.
All ABA members are advised to also watch for spear-phishing emails impersonating the ABA, as threat actors may use them to access further personal information.
Of course, the ABA has already been slapped with a data breach class action as a result of the ABA data breach. As Ron Burgundy would say: “that escalated quickly”! When something impacts so many lawyers, it’s not that surprising.
So, what do you think? Are you concerned about the ABA data breach? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
All those Legalweek sessions plus ABA blog posts on cybersecurity 😂😂😂😂😂😂😂😂😂😂😂