On Friday, a representative stated that the login details of 1.5 million lawyers and other account holders on the American Bar Association’s website might have been compromised.
The American Bar Association has disclosed on its website and through email notifications that an outside party breached its network last month and obtained login credentials for online accounts used to access the old ABA website and career center before 2018.
The organization clarified that only usernames and passwords were accessed, and no other data was compromised.
The ABA has also stated that there is currently no evidence of any unauthorized use of the stolen information.
According to an email notification received by affected members and seen by BleepingComputer, the ABA detected unusual activity on its network on March 17, 2023.
In response, the organization promptly enacted its incident response plan and enlisted the help of cybersecurity experts to conduct an investigation.
“They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext,” said the ABA notification.
As of 2022, the ABA remains the biggest association of lawyers and legal experts worldwide, with a paying membership of 166,000.
The organization offers a range of services and programs, including continuing education for legal practitioners and judges, as well as various initiatives that aim to enhance the legal system in the United States.
Last March, Reuters reported a midsize law firm settled with the New York Attorney General for $200,000 due to data security deficiencies that resulted in a data breach in 2021.
Last week, the New York law firm Cadwalader, Wickersham & Taft was sued for not preventing a data breach that occurred in November.