State Bar of Texas reports data breach, INC Ransomware gang claims responsibility

The State Bar of Texas, the second-largest bar association in the United States with over 100,000 licensed attorneys, has confirmed a data breach following claims by the INC ransomware gang that they compromised the organization's systems and stole sensitive data.

The security breach occurred between January 28 and February 9, 2025, but was only discovered on February 12, 2025. During this period, unauthorized actors gained access to the organization's network and exfiltrated certain information, including full names and other data that has been redacted in public data breach notifications filed with Attorney Generals' offices.

The INC ransomware gang claimed responsibility for the attack on March 9, 2025, by adding the organization to their dark web extortion page. The threat actors have already begun leaking samples of allegedly stolen files, including what appear to be legal case documents.

The number of affected individuals is not disclosed.

The State Bar of Texas is offering affected individuals free credit and identity theft monitoring services through Experian, with enrollment available until July 31, 2025. The organization also recommends that victims consider activating credit freezes or placing fraud alerts on their credit files to mitigate potential risks from the exposure.