More than 27,000 New York City Bar Association members and employees had their information exposed following a data breach of the organization's systems between Dec. 2 and 24, 2022, which was claimed by the Cl0p ransomware operation, reports The Record, a news site by cybersecurity firm Recorded Future.
While Cl0p ransomware previously admitted that it was able to exfiltrate 1.8 TB data after encrypting NYC Bar's systems, only individuals' names were confirmed by the association to have been compromised in the incident, based on an investigation that concluded last month.
However, filings in Maine revealed the exposure of individuals' credit and debit card numbers and other financial account numbers, along with their security codes.
NYC Bar has not provided reasons behind the delayed notification for the breach, which comes amid increasing attacks against bar associations, with the German Federal Bar Association impacted by the NoEscape ransomware operation in August and the State Bar of Georgia crippled by a cyberattack in May 2022.
One year after its emergence in the threat landscape, Alpha ransomware has been discovered to resemble the Netwalker ransomware-as-a-service operation that was dismantled in January 2021, BleepingComputer reports.