Texas State Bar warns of data breach after INC ransomware claims attack
The State Bar of Texas is warning it suffered a data breach after the INC ransomware gang claimed to have breached the organization and began leaking samples of stolen data.
The State Bar of Texas is the second-largest bar association in the United States, with over 100,000 licensed attorneys. It regulates the legal profession in Texas by overseeing licensing, continuing legal education, ethical compliance, and disciplinary actions.
In a notification letter sent to affected members, the organization states that it suffered a security breach between January 28 and February 9, 2025, but it was only discovered on February 12.
The threat actors were able to steal information from the network, including full names and other data that is redacted in the public data breach notifications filed with Attorney Generals' offices.
"Through the investigation, we determined that there was unauthorized access to our network between January 28, 2025 and February 9, 2025," reads the notice.
"During this time, the unauthorized actor was able to take certain information from our network."
The notice doesn't provide much information about the hacking group responsible for the breach, but the INC ransomware gang claimed an attack against the State Bar of Texas by adding the organization to its dark web extortion page on March 9, 2025.
The threat actors have already leaked samples of allegedly stolen files, including legal case documents.

BleepingComputer could not verify if the leaked data came from the organization's networks and if they were private or publicly available information. Our inquiry to the State Bar of Texas has so far gone unanswered.
Recipients of the data breach notifications are offered free-of-charge credit and identity theft monitoring service coverage through Experian, given until July 31, 2025, to enroll using the enclosed activation code.
Additionally, it is recommended that they consider activating a credit freeze or placing a fraud alert on their credit files to mitigate the risks that stem from the exposure.
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalSec-Fetch-User Header is Missing
InformationalBase64 Disclosure in WebSocket message
LowStrict-Transport-Security Malformed Content (Non-compliant with Spec)
InformationalAuthentication Request Identified
InformationalUsername Hash Found
HighSQL Injection
Free online web security scanner