Doesn't sound like a breach to me - sounds like the state bar association inadvertently gave out the information, and now they are looking for someone to blame - someone else that is.
It wasn’t a breach. Those records were publicly available. It’s a shame the site’s operator complied with the takedown request. Unfortunately that’s what happens when you use a US hosting provider and domain. In the interest of transparency, the site operator should consider migrating the site to a provider outside of US jurisdiction and/or making torrents of the record data that can’t be simply taken down.
I don't care what the org "intended" to do. The org assumed the responsibility of providing an API and with it the responsibility of securing private data. They failed and should be held culpable.
Boeing doesn't call it a "cyberattack" when their altitude control systems fail because of poor design.
> The site owner (of judyrecords) claims that the State Bar’s confidential and public case records were all previously available at a public URL. Is this true?
> The State Bar Court website allows the public to search for publicly available case information. The extent to which the external aggregating website was able to obtain nonpublic information that was stored in the Odyssey case management system is still being investigated.
I am inclined to believe judyrecords, until proven otherwise.
Yep, not unlike the other recent story where someone scraped a website and ended up pulling in SSNs and other personal information that was on the page, but not visible (but in the HTML) - and then the government threatened to prosecute the person who reported the problem.
A perfect example why MORE public information is better than less.
Well, it’s the CA state bar - it’s the den for all the lawyers in a juggernaut state. Misdirection through deceptive - sorry persuasive - language is literally what a goodly number of them do every day for a living.
> We do not know yet. The State Bar’s Odyssey case management system software vendor, Tyler Technologies, has been tasked with investigating what happened, taking the steps needed to rectify the breach, and ensuring something similar does not happen again. The State Bar also retained a team of IT forensics experts to assist in our investigation.
> The site owner claims that the State Bar’s confidential and public case records were all previously available at a public URL. Is this true?
> The State Bar Court website allows the public to search for publicly available case information. The extent to which the external aggregating website was able to obtain nonpublic information that was stored in the Odyssey case management system is still being investigated.
It sounds extremely likely that the state bar had a website misconfigured, and the automated systems of the aggregation site sucked down all the data it was technically (but not legally) given access to.