American Bar Association logo (image source: ABA (seekvectorlogo), 2020))
One-sentence summary:
In March 2023, a threat actor breached over 1.4 million lawyers’ and judges’ hashed and salted passwords from the ABA’s network.
Who was involved?
The American Bar Association (ABA), 1,466,000 members, and a threat actor.
What was the timeline?
March 6, 2023: Threat actor obtains initial access to the ABA
March 17, 2023: ABA detects the hacker on the network
April 20, 2023: ABA begins notifying members of its data breach
What occurred?
A threat actor obtained access to credentials in March 2023 for a legacy ABA website (pre-2018) and its career center (post-2018), breaching the usernames and hashed and salted passwords for over 1,466,000 members (Abrams, 2023; Witley, 2023).
Estimated costs:
Associated incident response costs, outside “cybersecurity experts”
Involved laws:
TBA or N/A (see disclaimer)
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
ABA (seekvectorlogo). (2020, January). american-bar-association-aba-vector-logo.png. seekvectorlogo.com. https://seekvectorlogo.com/wp-content/uploads/2020/01/american-bar-association-aba-vector-logo.png
Abrams, L. (2023, April 21). American Bar Association data breach hits 1.4 million members. BleepingComputer. https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/
Witley, S. (2023, April 21). ABA Says 1.5 Million Member Accounts Hacked in Data Breach (1). Bloomberg Law. Retrieved April 22, 2023, from https://news.bloomberglaw.com/privacy-and-data-security/aba-says-1-5-million-member-accounts-hacked-in-data-breach
