The Georgia State Bar ransomware attack led to a data leak

October 18, 2022

An April 2022 cyberattack on the Georgia State Bar resulted in a data leak comprising members’ details, Social Security numbers, direct deposit details, and driver’s license numbers. The State Bar conducts ethics investigations on lawyers and provides guidance and assistance to them alongside attorneys in the state.

The initial attack took place on April 28, after which the State Bar’s website displayed only a single page providing information for its members while an investigation was under way. The researchers also revealed that the attack crippled the Georgia State Bar, including its network, website, and email system.

The State Bar contacted the relevant cybersecurity authorities to help resolve the incident. After finishing an in-depth investigation, the organisation said that it had discovered a data breach caused by the ransomware attack, compromising its members’ information such as full names, addresses, birthdates, Social Security numbers, direct deposit details, driver’s license numbers, and name change information.

The data leak impacted numerous Georgia State Bar members, about 53,000 individuals in total, including current and former members.

Suspicious activities in the State Bar’s systems were detected in the April 28 incident, which prompted the organisation’s security team to take operations offline and disconnect devices immediately. The investigation also showed that the BitLocker ransomware was the payload launched in the attempt to compromise their systems.

While the incident was confirmed to be ransomware, the organisation clarified that it had not received any monetary ransom demand. Furthermore, it has found no evidence of data misuse. On May 3, the organisation publicly announced the incident via its Twitter account.

Unfortunately, the organisation said that it found evidence of a threat actor’s continued presence inside its network. To address the problem, it is working on creating an entirely new network environment with enhanced security features, one that no threat actor could compromise.

All affected people are being offered free credit monitoring and identity protection services while the incident is still under mitigation. Members must also stay vigilant, as the threat actors who obtained their data could use it for malicious purposes.
