The American Bar Association (ABA), the largest association of lawyers and legal professionals globally, has fallen victim to a cyber attack. The attack resulted in the compromise of the organization’s network, giving hackers access to older login credentials for 1,466,000 members.
According to a statement from the ABA, the organization detected “unusual activity” on its network on March 17, and a subsequent cybersecurity investigation revealed that an unauthorized third party gained access to the network around March 6. The ABA explained that, although it asked its users to create new login credentials when it changed its website in 2018, some members may have used the same credentials for the new website.
The ABA emphasized that the stolen passwords were not stored in plain text, but were instead “hashed and salted,” which is a process that adds random characters to the plain text password and then converts it into ciphertext. The organization stated that this process enhances the security of the passwords and, in many cases, the passwords were the default passwords assigned by the ABA if the members never changed them on the old ABA site.
Although the passwords were not exposed in plain text, the ABA is still notifying all affected individuals as a precaution. The organization stated that, “To be clear, the passwords were not exposed in plain text. They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext.”
In the notification letter, the ABA encouraged members to change any passwords that may be the same as or similar to the password involved in the incident. The organization advised members to remain vigilant against any unauthorized attempts to access their online accounts and to change their passwords in an abundance of caution, especially if they plan to continue using the ABA Career Center.
The ABA is a vital component of the legal system in the United States, providing continuing education and services for lawyers and judges, as well as initiatives to improve the legal system. This data breach serves as a reminder of the importance of cybersecurity for all organizations, especially those that handle sensitive information.