American Bar Association Has Network Breach

April 21, 2023

The American Bar Association said an unauthorized third-party gained access to usernames and passwords used by members to access an old website of the association.

The ABA said in a statement there is no evidence the personal information obtained was misused but it “takes the security of the information very seriously and sincerely apologizes for any concern this incident may cause.” Affected individuals were sent an email to the last known email address the ABA had on file, the association said.

The usernames and “hashed and salted” passwords accessed were used for an old website before 2018 or the ABA Career Center since 2018. Salting adds random characters to the password before hashing, which converts the password to ciphertext using an algorithm.

ABA said that in many instances, the passwords may have been the default password given to a user of the old site. When the organization changed its website in 2018 it asked users to create a new sign-in, but if members used the same information to log in, the ABA is suggesting they update passwords.

The unauthorized third party has been removed from ABA’s network. An investigation found that on or about March 6, this unauthorized party gained access to the network, which was noticed on March 17, the ABA said.