NYC Bar Association confirms data of 27k members exposed after cyberattack

The New York City Bar Association experienced a data breach in which the personal details of over 27,000 members and employees were exposed as a result of a cyberattack that occurred between December 2 and December 24, 2022. Following the incident, the NYC Bar’s IT team shut down their networks to contain the threat and launched an investigation with external cybersecurity experts.

This breach was investigated and confirmed by October 18 of 2023. The NYC Bar association was targeted by the Cl0p ransomware gang who threatened to release 1.8 terabytes of data they claimed to have stolen.

The association has not publicly acknowledged the incident nor did it respond to inquiries until now. The incident is confirmed in regulatory filings.

The reporting  confirms that attack compromised sensitive data, including

• financial data,
• account, credit or debit card numbers,
• security codes or PINs,

Approximately 27,000 individuals are impacted by this attack.

The association has since offered 12 months of free credit monitoring and identity theft protection services to the affected individuals.