American Bar Association Declared Hackers Stole Members’ Login Credentials
America’s latest legal organization confirmed a hacker stole 1.5 million American Bar Association account usernames and passwords in March.
The cyber security breach of ABA’s network impacted accounts data used to gain entry into the association’s pre-2018 website and the career center website.
Additionally, the ABA stated in a late email on Thursday it encrypted all the data. The threat actors may deal with encryption to access vital information.
American Bar Association Claims No Misuse
The cyber hack comes as several law firms, including Covington & Burling LLP and Proskauer Rose LLP, made headlines in recent weeks for cyber breaches that disclosed sensitive client information.
Moreover, data breaches can lead to lawsuits claiming security negligence, as plaintiffs did in the class action against Cadwalader, Wickersham & Taft LLP. Plaintiffs sued the enterprise alleging it erred to deter a security breach to its networks and theft of personal data.
Notably, the ABA is notifying users who didn’t change their password information during the 2018 transition to a new website log-in platform to bring up to date their passwords.
The ABA Spokesperson stated that the hackers failed as they did not access or steal vital data. One such is Members’ profiles—which generally include names, addresses, contacts, bar admissions, education, demographics, and credit card data.
The intention of the threat actor is unclear. There are no proofs they misused the personal details.
What should ABA members do?
The concern posed is that members may have used their exact credentials on the new member system, as those on the legacy system shut down back in 2018.
In this case, it may be feasible for the hackers to use those credentials to gain entry to the current ABA membership portal. However, if the account holders use the same login details on other sites, the hackers could attempt to gain entry to other accounts used by the member.
Therefore, the ABA urges all members to modify their passwords on the site and any other sites using the same credentials.
Additionally, all members are notified to watch out for spear-phishing emails imitating the ABA, as threat actors may use them to access further personal information.
