Cyber Incident Victim: State Bar of Texas
Date:
Jan 2025
Location:
United States of America
Summary
The State Bar of Texas experienced a data breach involving unauthorized network access by the INC ransomware gang, which exfiltrated sensitive information including full names and other undisclosed data before leaking sample legal documents. The intrusion occurred over a multi-day period and was discovered shortly after the unauthorized access concluded, prompting the organization to notify affected individuals and offer complimentary credit monitoring services. The ransomware group publicly claimed responsibility for the attack by listing the entity on its extortion portal and publishing purportedly stolen materials, though the authenticity and confidentiality status of the leaked files remain unverified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The State Bar of Texas, an organization overseeing over 100,000 licensed attorneys and regulating legal practice in the state, experienced a cybersecurity incident between January 28 and February 9, 2025. Unauthorized actors gained access to the organization’s network during this period, exfiltrating sensitive information including full names and other unspecified data redacted in public breach notifications. The breach was discovered on February 12, 2025, three days after the intrusion window closed. On March 9, 2025, the INC ransomware gang claimed responsibility for the attack by listing the State Bar of Texas on its dark web extortion site and leaking samples of allegedly stolen legal case documents. BleepingComputer reported the leak but could not independently verify whether the data originated from the State Bar’s systems or if it contained private versus publicly accessible information. The organization did not publicly confirm the ransomware group’s involvement or provide technical details about the attack vector, compromised systems, or containment measures.
In response to the breach, the State Bar of Texas issued data breach notifications to affected individuals, offering free credit and identity theft monitoring through Experian with an enrollment deadline of July 31, 2025. The notifications advised recipients to consider credit freezes or fraud alerts on their credit files as protective measures. The organization’s investigation confirmed unauthorized access and data theft but did not disclose the total number of impacted individuals, the full scope of stolen data types beyond names, or whether regulatory bodies were formally notified. No ransomware payment or negotiation details were disclosed, and the State Bar did not respond to BleepingComputer’s inquiries regarding the legitimacy of the leaked samples. The incident exposed sensitive attorney information, potentially affecting professional operations and client confidentiality, though specific consequences such as financial losses, operational disruptions, or disciplinary impacts remain undocumented in available sources.