Tuesday, May 05, 2009

WV State Bar Sends Member Notice of Data Breach

The West Virginia State bar sent notice of the breach of it's site and internal servers by hackers yesterday. The notice, posted below, shreds no new light on what happen or if person data was compromised, but it does disclose the FBI is now involved.

Important Notice to Our Members

The West Virginia State Bar

2006 Kanawha Boulevard, East
Charleston, WV 25311

Using a sophisticated computer hack, an unknown person or entity gained unauthorized access to The West Virginia State Bar website and internal computer network, potentially compromising certain personal information The State Bar maintains about its current and former members.

The security breach was discovered recently during an upgrade of The State Bar's website. The website was taken offline on Friday, April 17, 2009. The State Bar has retained forensic computer experts to help investigate the suspected security breach. The State Bar is also working with the FBI to investigate the breach and attempt to locate the responsible party(s).

The West Virginia State Bar's Ad Hoc Technology Committee met with its retained forensic computer experts and learned that the security breach extended beyond the web server to the Bar's internal computer network. Given the sophistication of this security breach, and out of an abundance of caution, the Committee is considering all personal information on The State Bar's network as potentially compromised.

The State Bar provided notice to all of its members regarding this security breach through a press release issued on April 28, 2009, with the assistance of the West Virginia Supreme Court of Appeals as The West Virginia State Bar did not have computer access to its member lists until May 4, 2009. This second notice is being sent to all members at this time because the State Bar's listserv capability was reinstated late this afternoon.

Members of the Ad Hoc Technology Committee, representatives of the company which has been working with The State Bar's computer system for the past several years, and the forensic computer experts worked all last week and over the weekend to remediate the problem.

While the website itself contained no personal data, the website was connected to The State Bar's internal database server which houses the membership data. Membership data includes names, mailing addresses, email addresses, birth dates, lawyer identification numbers, and some members' and former members' social security numbers. The State Bar Ad Hoc Technology Committee also has just obtained a list of the names of its members whose social security numbers were on the system. Those members will receive a separate e-mail communication from The State Bar.

Importantly, the Ad Hoc Technology Committee has confirmed that information provided by clients to their attorneys has never been maintained on The State Bar's computer systems and, therefore, such information is unaffected by this recently discovered security breach.

The Ad Hoc Technology Committee has been advised by its forensic computer experts that it is impossible to determine exactly when the security breach occurred. The State Bar has no evidence and has received no reports of any identity theft, fraud or other unauthorized use of its members' personal information at this time. If any members of The West Virginia State Bar have any evidence that their personal information has been compromised, they should contact The West Virginia State Bar immediately. Members may also contact the major credit reporting agencies to ask that a fraud alert be placed in their files to notify potential creditors and others that they may be victims of identity theft.

Equifax Information Services
PO Box 740256
Atlanta, GA 30374

PO Box 9556
Allen, TX 75013

Customer Disclosure Center
TransUnion Consumer Relations
PO Box 2000
Chester, PA 19022-2000

All questions should be directed to:

The West Virginia State Bar
2006 Kanawha Blvd., East
Charleston, WV 25311
c/o Anita Casey, Executive Director

Problems with the State Bar website go back to September 2009, and I've posted previously about problems with the Bar's website hosting malware.

Labels: , , ,


Post a Comment

<< Home