California Bar investigates after confidential records published
The State Bar of California is investigating a data breach after learning that a website published confidential information about 260,000 attorney discipline cases in California and other jurisdictions.
State Bar officials learned about the posted records on Feb. 24. As of Saturday night, all the confidential information that had been published on the website judyrecords.com — which included case numbers, file dates, information about the types of cases and their statuses, respondent and complaining witnesses names — had been removed, officials said.
“We apologize to anyone who is affected by the website’s unlawful display of nonpublic data,” State Bar executive Leah Wilson said in a statement. “We take our obligations to protect confidential data with the utmost seriousness, and we are doing everything we can to ensure that we resolve this issue quickly and prevent any such breaches from recurring.”
Full case records were not published. Officials said they don’t know whether the published information was the result of a hacking incident. Judyrecords.com is a website that aggregates nationwide court case records.
The State Bar website allows the public to search for case information, but the information on the attorney discipline cases posted by judyrecords.com is not supposed to be available to the public. That information was stored in the State Bar’s Odyssey case management system, which is provided by vendor Tyler Technologies.
In accordance with the California Business and Professions Code, disciplinary investigations are confidential until formal charges are filed.
As a result of the data breach, the State Bar notified law enforcement and hired a team of IT forensics experts to investigate. Tyler Technologies is assisting in the investigation. The State Bar had also contacted the website’s hosting provider to request that the published information be taken down.