Close Menu

The California Bar’s Confidential Discipline Records Were Published Online. Now What?

The California Bar’s Confidential Discipline Records Were Published Online. Now What?

On February 27, it was announced that the State Bar of California’s confidential discipline records were published online after a data breach occurred. There were 260,000 attorney discipline cases from California as well as other jurisdictions published on the site for four months. Now, the State Bar is trying to figure out what happened and how to stop it from happening again in the future. 

In light of this news, you may be wondering about what steps to take after you’ve been a victim of a data breach. The first step is to get in touch with Robin D. Perry. The Law Offices of Robin D. Perry & Associates provide vigorous representation to clients and are a goal-oriented and values-driven firm. We develop creative strategies to win every case, every time and are confident we can help you with your data breach issue. Reach out to us today to schedule a consultation. 

What Information Was Published?

The website posted information from cases like case numbers, file data, respondent and complaining witness names, and information about the types of cases as well as their statuses in the data breach.

An anonymous administrator from said on the website that the records, along with others it was going to publish, had been deleted as of February 26. They claimed that the records were available through the State Bar’s discipline website, but the State Bar says that is not true. The records were on the site for four months, but the State Bar didn’t learn about it until February 24.

Along with the confidential data, also posted around 60,000 public State Bar court cases and displayed confidential court records from additional jurisdictions. Under California law, attorney disciplinary investigations are confidential unless formal charges have been filed and a court proceeding starts.

The State Bar court website lets anyone search for publicly available information on cases. Now, an investigation is taking place to determine how gained access to the confidential data.

The Response from the State Bar

The State Bar issued an apology to those whose information was leaked.

“We apologize to anyone who is affected by the website’s unlawful display of nonpublic data,” State Bar executive Leah Wilson said in a statement. “We take our obligations to protect confidential data with the utmost seriousness, and we are doing everything we can to ensure that we resolve this issue quickly and prevent any such breaches from recurring.”

The State Bar notified law enforcement and hired a team of information technology forensics experts to help with the investigation. The State Bar’s vendor, Tyler Technologies, is looking into glitches with the Odyssey case management software it uses as well.

“It appears that a previously unknown security vulnerability in the Tyler Technologies Odyssey case management portal allowed the nonpublic records to be unintentionally swept up by judyrecords when they attempted to access the public records, using a unique access method,” said the State Bar in a statement.

A website has been established to alert people about updates on the data breach. You can access it on

Was the State Bar Negligent?

According to Former Los Angeles County District Attorney Steve Cooley, the State Bar did not mention their legal obligation to notify those whose records may have been revealed. “That might be a daunting task but is the law,” he said.

There is a disclosure obligation spelled out under two California Civil Code sections, 1798.29 and 1798.82. Both of these make it necessary for business and agency breaches to be disclosed without unreasonable delay and in the speediest time possible. Notification must happen immediately if the leaked data includes personal information such as names, employment history, and financial matters.

There is one complication: The State Bar isn’t a business or agency. “This doesn’t mean that the State Bar isn’t morally or ethically obligated to give notice within a reasonable time period,” said Jim Dempsey, a lecturer at UC Berkeley School of Law. “Even if the State Bar were covered as an agency or business, two days’ notice would probably be reasonable. But if the State Bar were covered, it would have to follow that up with individual notice to all persons whose covered information was disclosed.”

This situation may not even meet security breach standards in the codes. Still, there is a possibility the State Bar, as well as their vendor, could be sued for negligence. One critic believes that the State Bar should not be shifting blame to

“If the State Bar didn’t take sufficient steps to protect its own data, inadvertently or otherwise, that’s not the website’s fault,” David Loy, director of the First Amendment Coalition, said. “That’s the State Bar’s fault. I hold them to a higher standard as lawyers and they, should know better. If they have evidence that the website acted unlawfully then they should say that. They should not be deflecting the blame and ignoring the First Amendment.”

Suing for a Data Breach

If you were impacted by the California State Bar breach – or any other kind of data breach – you may be wondering if you can sue. When it comes to breaches, it’s a little bit complicated.

You can only take legal action if you can prove that the security measures were lacking, this led to the data breach, and you suffered damages because of it. For example, perhaps your data was leaked because a company or organization did not have the proper security in place to protect your information. Maybe a company or organization didn’t test their security by hiring professionals to look into weak spots. Or, they might not have trained their employees use the best security practices, like coming up with strong passwords and not sharing their passwords with anyone.

Typically, you won’t be able to determine who did the actual data breach because hackers usually remain anonymous. However, you could potentially take legal action against the business or organization that got hacked if you suffer from damages, including the following:

  • The cost of correcting information that was leaked
  • The cost of replacing credit cards and debit cards
  • The cost of credit reports
  • The cost of protecting your information following a breach
  • Emotional damages, including emotional distress, damage to your credit, and invasion of privacy
  • Other out-of-pocket expenses you now need to cover

After a data breach, you’ll need to take swift action and do things like call your bank and credit card issuers, cancel your credit and/or debit cards, change your passwords, and change your bank account numbers.

Finding a Privacy Violation & Consumer Rights Attorney

If you have been impacted by the California State Bar breach or any other kind of data breach, you can get in touch with a privacy violation and consumer rights attorney for help. They will let you know if you have a valid case. If you do, they will then assist you with collecting proof that a company or organization was negligent when handling your information and determine which damages could apply to your situation. They will also negotiate on your behalf.

Keep in mind that it’s best to go through an attorney instead of trying to negotiate yourself. A company or organization may offer you a paltry settlement, which means you wouldn’t get what you deserve.

If you’ve been the victim of a data breach, you’re understandably stressed out right now. You don’t have to handle this on your own. Find an experienced privacy violation and consumer rights attorney for support and assistance during this difficult time.

Reach Out to Robin D. Perry & Associates

If you need help with a data breach issue, then it’s time to get in touch with the Law Offices of Robin D. Perry & Associates today. No matter what, we will fight on your behalf during your time of need. Call us at 562-216-2944 or contact us on our website for a free consultation.

Facebook Twitter LinkedIn
Contact Our Trusted
Legal Team Today!
Free Case Evaluation
protected by reCAPTCHA Privacy - Terms