The State Bar of Texas is notifying members of a data breach that leaked sensitive information after a ransomware group breached its systems and accessed some files.
With over 100,000 licensed attorneys, the State Bar of Texas is ranked the second-largest bar association in the country. It is a self-regulating body for legal professionals that operates within a framework set by the Supreme Court of the Lone Star state.
Its duties include licensing attorneys, enforcing ethics, taking disciplinary action for errant members, providing legal resources for citizens, and supporting continuing education for practising attorneys.
On February 12, 2025, the bar association detected suspicious activity on its network, moved quickly to secure the environment, and launched an investigation involving third-party cyber forensics.
“Through the investigation, we determined that there was unauthorized access to our network between January 28, 2025, and February 9, 2025,” the regulatory body stated. “During this time, the unauthorized actor was able to take certain information from our network.”
Meanwhile, the INC ransomware group has taken credit for the cyber incident and leaked data samples as proof.
State Bar of Texas data breach leaked sensitive information
Although the data breach notice was heavily redacted, the bar association told the Texas Office of the Attorney General that details leaked include Social Security Numbers, driver’s license numbers, and government/state-issued ID numbers.
Similarly, the data breach exposed financial details, such as credit card numbers and account numbers, medical information, and health insurance details. Leaked data samples also suggest that full names and some legal case documents were accessed during the cyber attack.
“What’s particularly concerning here is the nature of the exposed data,” warned Steve Povolny, Senior Director of Security Research and Competitive Intelligence at Exabeam. “Legal case documents and personally identifiable information (PII) can have far-reaching implications – not just in terms of privacy, but also in undermining legal processes and potentially jeopardizing ongoing litigation.”
So far, the State Bar of Texas is unaware of the threat actors misusing the stolen information for any nefarious purposes, such as identity theft and fraud.
Nonetheless, it has notified relevant authorities and offered complimentary credit monitoring via Experian to protect data breach victims from fraud. It also advised members to monitor their financial accounts and credit reports for suspicious activity and notify relevant authorities.
Additionally, the State Bar of Texas said it implemented additional safeguards and reviewed data privacy and security policies to prevent a similar data breach in the future.
Meanwhile, the State Bar of Texas has yet to attribute the data breach to any threat actor. However, the INC ransomware gang has claimed responsibility, listed the bar association on its data leak site, and leaked samples of the allegedly stolen data.
Nonetheless, both entities remain tight-lipped, suggesting that ransom negotiations are ongoing. Consequently, the attack vector exploited, the number of victims, and the ransom amount demanded or offered remain undisclosed at the moment.
“If I was impacted by the breach and I’m still with the organization, I would want to know how it happened and that they are taking steps to make sure it doesn’t happen, at least the same way, again,” noted Roger Grimes, data-driven defense evangelist at KnowBe4. “Most ransomware attacks occur because of social engineering, and after that, unpatched software or firmware. Was that how it happened? Do they know? Because if you don’t know how it happened, you can’t assure me you’ve taken steps to make sure it can’t happen again.”
Given the sensitive nature of legal information, Texas State Bar could pay the ransom to avoid jeopardizing ongoing cases and the safety of victims and witnesses.
While authorities advise victims to weigh their options before deciding on whether to pay the ransom, they discourage payment as it does not guarantee data recovery or deletion and incentivizes more cyber attacks.
“However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” the agency states.
Legal institutions under cyber attack
Meanwhile, legal bodies are lucrative targets for cyber attacks due to the vast amounts of data they collect and the sensitive nature of the stored information.
“The compromise of the State Bar of Texas underscores the persistent and evolving threat that ransomware actors pose to public institutions and the legal sector,” warned Povolny.
Between December 2, 2022, and December 24, 2022, the NY City Bar suffered a data breach that exposed the personal information of 27,000 members and employees.
In the same year, the State Bar of Georgia posted on X that it experienced unauthorized network access that might have leaked sensitive information.
Other stakeholders, including law firms, legal tech providers, and judicial systems, have also suffered cyber attacks that pose serious risks to the justice system.
“This incident reinforces the urgent need for legal institutions to adopt a proactive cybersecurity posture: zero-trust architectures, continuous monitoring of network activity, behavioral analysis, and robust incident response plans are no longer optional,” concluded Povolny.
