"State Bar of California Investigates Data Breach"

The State Bar of California has launched an investigation to discover how hundreds of thousands of confidential attorney disciple records were exposed online.  The records were found on February 24 on a public website that aggregates nationwide court case records.  Data compromised in the incident included case numbers, file dates, case types, case statuses, and respondent and complaining witness names.  Alongside the discovered 260,000 confidential attorney discipline records were approximately 60,000 public State Bar Court case records.  The State Bar stated that it was taking “urgent action” to address the breach and had notified law enforcement of the incident.  The State Bar said that the site “also appears to display confidential court records from other jurisdictions” but did not specify which ones.  During the investigation into the incident, the State Bar discovered that a previously unknown security vulnerability in the Tyler Technologies Odyssey case management portal allowed the nonpublic records to be unintentionally swept up by Judyrecords when they attempted to access the public records using a unique access method.  The State Bar is working with Tyler Technologies, the maker of the Odyssey system, to remediate the security vulnerability, which they believe may not be unique to the State Bar’s implementation and could impact other users of Odyssey systems.  The State Bar said that as of late Saturday, February 26, all State Bar records, confidential and public, had been removed from the website.

Infosecurity reports: "State Bar of California Investigates Data Breach"