Cyber Incident Victim: Berks County Bar Association

The Berks County Bar Association experienced an external system breach through hacking on February 6, 2025, which compromised the personal information of 560 individuals, including one Maine resident. The breach remained undetected for 32 days until its discovery on March 10, 2025. Exposed data included names combined with other personal identifiers, though the specific additional data elements were not detailed in the notification. The association, headquartered at 544 Court Street in Berwick, Pennsylvania, engaged legal counsel Tawana Johnson of Lewis Brisbois to manage breach disclosures. No evidence suggested prior breaches within the preceding 12 months, and the incident did not trigger mandatory reporting to consumer reporting agencies since Maine resident impact fell below the 1,000-person threshold.

The association initiated written notifications to affected individuals on May 8, 2025, 59 days after breach discovery, providing a redacted copy of the notification letter for regulatory review. Identity theft protection services were offered to all impacted persons for a 12-month duration, though the service provider and specific protections were not disclosed in the filing. Counsel Johnson served as the primary contact for regulatory communications, listing a Georgia-based phone number and law firm email address. The Maine Attorney General’s office received the breach submission under the "Other Commercial" organization classification, confirming compliance with state disclosure requirements for the single affected resident. No operational disruptions, financial penalties, or post-breach legal actions were referenced in the notification materials.