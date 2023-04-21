Summary

(Reuters) - The American Bar Association has told 1.5 million lawyers and others who had accounts on its website that their login information may have been stolen, a spokesperson said Friday.

The national lawyer group said in an update on its website and email notices beginning Thursday that an unauthorized third party penetrated its network last month and took usernames and passwords for online accounts used to access an old ABA website and its career center before 2018.

The spokesperson said that no other information was taken, and the ABA said it has "no indication" the information has been misused.

The ABA is the country's largest voluntary bar association, with 166,000 dues-paying members and a staff of more than 1,000.

The organization said it observed "unusual activity" on its network on March 17, and a cybsersecurity investigation determined the unauthorized third party gained access to its network around March 6.

The ABA said it asked users to create new login credentials when changing its website in 2018, though users may have used the same credentials for the new website. It said the stolen passwords were not stored in plain text and were "hashed and salted," adding to their security.

The legal industry has been the target of growing cybersecurity attacks, including against law firms that often possess valuable confidential client information.

In March, a midsize law firm agreed to pay $200,000 the New York Attorney General over data security lapses that led to a 2021 data breach.

New York law firm Cadwalader, Wickersham & Taft was accused in a new lawsuit last week of failing to prevent a November data breach.

Last year, the State Bar of California said an "unknown security vulnerability" in its own database led to a months-long online disclosure of 260,000 confidential attorney discipline cases, after earlier describing the situation as a hack.

