Data breach at the California State Bar, with 322,000 confidential attorney disclipline files exposed to the public, an excrutiating experience ongoing from 27 February 2022
May 10, 2022
Lawyers are far from immune from data breaches. In fact law firms are attractive targets for ransomware attacks and malicious actors, sometimes state sponsored ones, who are interested in the sensitive information about clients held behind often poorly protected cyber defences. Nothing so nefarious has hit the State Bar of the US state of California with over 322,000 confidential attorney discipline records being erroneously published on public records aggregator Judyrecords from 15 October 2021 until 26 February 2022. The Bar claimed that this error was due to a bug in its case management system. While a a data breach caused by a flaw in the IT system rather than a malicious hack is a minor consolation the mortification level remains high nevertheless. And it remains a data breach. The breach was discovered on 24 February 2022. It has been required to notify 1,300 complainants, witnesses, or respondents.
The episode highlights the importance of checking the operability of IT systems as well as cyber security defences. Clearly the glitch which caused this data breach was due to a malfunction in the system. That is an explanation, not an excuse.
The State Bar first issued a Media release, State Bar of California Addresses Breach of Confidential Data, on 26 February 2022. At that time Read the rest of this entry »