The State Bar announced on February 26 "that it is taking urgent action to address a breach of confidential attorney discipline case data that it discovered on February 24."
The State Bar initially did not refer the matter to law enforcement. The site owner disabled all searches. Almost three weeks later, the State Bar Court portal remains unavailable.
Rest of February 26 press release:
A public website that aggregates nationwide court case records was able to access and display limited case profile data on about 260,000 nonpublic State Bar attorney discipline case records, along with about 60,000 public State Bar Court case records. The site also appears to display confidential court records from other jurisdictions.
Under California Business and Professions Code 6086.1(b), all disciplinary investigations are confidential until the time that formal charges are filed, and all investigations are confidential until a formal proceeding is instituted.
The nonpublic case profile data from the State Bar appears to have been displayed on this public website in violation of this statute.* It includes case number, file date, case type, case status, and respondent and complaining witness names. It does not include full case records. We do not yet know how many attorney or witness names were disclosed.
The State Bar is taking all necessary steps to address and correct this matter:
We have retained a team of IT forensics experts to assist in our investigation.We have tasked our case management system software vendor, Tyler Technologies, to investigate and remediate any issues in their Odyssey case management software or this specific implementation of it.We have contacted the website’s hosting provider and domain name registrar requesting that the confidential data be immediately taken down. Direct contact information for the website owner is not readily available.We have notified law enforcement.*
“We apologize to anyone who is affected by the website’s unlawful display of nonpublic data,” said Leah Wilson, Executive Director. “We take our obligations to protect confidential data with the utmost seriousness, and we are doing everything we can to ensure that we resolve this issue quickly and prevent any such breaches from recurring. We intend to act quickly to provide disclosures to affected individuals.”
The State Bar has set up a webpage to provide ongoing updates and answer questions about the data breach: calbar.ca.gov/data-breach.
The webpage will be updated with further information as it becomes available.
* 3/10 correction: The State Bar initially expressed concerns that its confidential records may have been accessed unlawfully; the State Bar subsequently learned that the website operator most likely did not unlawfully access the records. The statement also did not distinguish between unlawful access and unlawful publication of the records. This was in error. The State Bar does not contend that publication of records acquired lawfully would be unlawful. We thank the First Amendment Coalition for raising these important distinctions with us.
* 3/2 correction: The State Bar ultimately did not refer this issue to law enforcement. Please see the data breach webpage for further information.
https://www.calbar.ca.gov/About-Us/News/Data-Breach-Updates
"As of March 1, the site owner of judyrecords has voluntarily disabled all searches of its database, “out of an abundance of caution.”
"The State Bar Court portal remains unavailable until further notice. We are working with Tyler Technologies to restore public access as soon as possible."
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.