After finding that a website exposed sensitive information regarding 260,000 attorney discipline cases in California and other jurisdictions, the State Bar of California is investigating a data breach. Officials from the State Bar found out about the leaked documents on February 24.
Officials said that as of Saturday night, all confidential data published on the website judyrecords.com had been removed, including case numbers, file dates, information about the types of cases and their statuses, as well as the respondent’s names and complaining witnesses.
“We apologize to anyone who is affected by the website’s unlawful display of nonpublic data,” as stated by the State Bar executive Leah Wilson. “We take our obligations to protect confidential data with the utmost seriousness, and we are doing everything we can to ensure that we resolve this issue quickly and prevent any such breaches from recurring.”
The entire case documents were not made public. Officials said they don’t know if the data was leaked due to a hacking attack. Judyrecords.com is a website that compiles court case records from throughout the country. According to the California Business and Professions Code, disciplinary investigations are kept private until official charges are filed.
The public can search for case information on the State Bar website. Still, the information on the attorney discipline cases maintained by judyrecords.com is not meant to be accessible to the public. The State Bar’s Odyssey case management system, provided by Tyler Technologies, was used to store the data.
The State Bar informed law enforcement and recruited a team of IT forensics professionals to examine the data incident. The investigation is being assisted by Tyler Technologies. The State Bar had also contacted the website’s hosting provider, requesting that the publicly available data be removed.