Officials with the State Bar of Georgia have spent much of the week responding to a cyberattack that crippled the organization’s network, website and email system.
The State Bar is not part of the state government, but the Supreme Court of Georgia authorizes it to hold ethics investigations into the state’s lawyers and sanction those who violate state rules. The organization also provides guidance and assistance to lawyers in the state as well as a directory of attorneys.
As of Thursday afternoon, Eastern time, the State Bar’s website still carried only a single page of information for members about the attack.
Officials said the incident began Monday, and they soon hired an unnamed cybersecurity firm to investigate. The organization also said it had deployed an endpoint detection and response system throughout the network.
Jennifer Mason, director of communications at the State Bar, told The Record that officials are unsure whether member data was stolen in the attack.
“Upon learning of the unauthorized access, we immediately took steps to secure the network, a cybersecurity firm was engaged and a thorough investigation is being conducted,” Mason said.
Mason did not respond to questions about whether it was a ransomware attack.
“We are still investigating the incident and have not determined what information, if any, the unauthorized actor may have accessed,” Mason said. “Updates will be posted on www.gabar.org as additional information is available.”
The website now provides a list of phone numbers people can call in order to access services.
This is far from Georgia’s first run-in with cybersecurity issues. In 2019, the state’s court system was hit with a ransomware incident following an even larger ransomware attack that crippled the Atlanta city government. Officials in Jackson County were forced to pay $400,000 to get rid of a ransomware infection and regain access to IT systems in March 2019.
A Savannah, Georgia-based health system suffered a ransomware incident last year, and the local government of Hall County was attacked by a ransomware group right before the 2020 election.