‘Cutting Corners’ Enabled Hackers to Steal Data of 1.4M ABA Members: Class Action

The American Bar Association’s failure to secure and safeguard its networks enabled a hacker to gain access to the personally identifiable information of up to 1.4 million members in a March 17 data breach, alleged registered ABA member Tiffany Troy in a class action Friday (docket 1:23-cv-03053) in U.S. District Court for Eastern New York in Brooklyn. The ABA’s security failures enabled the hackers to steal the class members’ “personal and financial data,” putting that data “at serious and ongoing risk,” it said. The hackers continue to use the information they obtained as a result of the ABA’s inadequate security “to exploit and injure class members” across the U.S., it said. The breach was “caused and enabled” by the ABA’s “knowing violation of its obligations to abide by best practices and industry standards in protecting customers’ personal information,” it said. The ABA “grossly failed to comply with security standards and allowed its customers’ financial information to be compromised, all in an effort to save money by cutting corners on security measures that could have prevented or mitigated” the breach, it said.