0

Florida Bar Association: Lawyer Information Revealed on Gossip Site [UPDATED]

[Updated: Bar reports it was not hacked]

Florida lawyers’ contact information, discipline history, and other practice data from the Florida Bar Association was posted to a gossip website on September 12, 2016.  According to the Bar, their servers were not hacked and this is publicly-available information.  The person(s) involved, however, claims that the data dump includes private information, such as cell phone numbers and “lots of DHS, FBI, and DOJ employees on this list.”  The data dump does not appear to include home addresses, payment information, social security numbers, or dates of birth.  Even without such information, disclosure of Bar members’ contact information in database form makes it easier for mass marketing to (or scamming of) Florida lawyers.

The post first appeared on PBSOtalk.ru, a controversial site which describes itself as, “Exposing the Culture of Corruption under Sheriff Ric Bradshaw – Anyone can post completely anonymously!”  PBSOtalk was shut down in mid-2016 but re-emerged thereafter on a Russian domain.  Posting as “guest,” a user posted the alleged Bar data because “all judges, attorneys, and prosecutors all seem to be in it together.”  The post is entitled, “Happy Telemarketer’s Day! A gift, just for you annoying motherfuckers.”

“Guest” described the data dump to include:

Status | Quantity
Authorized House Counsel 951
Customer 90877
Deceased 11276
Disbarred 1272
Florida Registered Paralegal 5075
Incapacitated 109
Law Faculty Affiliate 216
Member in Good Standing 83955
Member of the Judiciary 1426
Membership Lapsed 4719
Permanently Retired 15
Pro Hac Vice 14273
Resigned 239
Retired 6770
Student 7194
Suspended 255

[This includes]

158,385 email addresses
219,139 office phones and cell phone numbers
84,772 fax numbers
226,928 mailing addresses

These figures seem relatively close to the most recent Florida Bar numbers, which assert there are 102,786 members of which 89,248 are in good standing to practice law.  The PBSO data dump suggests a slightly lower figure of 83,955.

The Bar has indicated that its servers have not been hacked.  This disclosure may just be scraping of publicly available data from the Bar’s “find a lawyer” directory page.  The hacker claims that the data dump includes “lots of DHS, FBI, and DOJ employees on this list” (which has not been verified). “Guest” posted that, “I recommend the Florida Bar do something about their JSON outputs to prevent their data from leaking…”  This is a reference to JavaScript Object Notation which is a way to store information in a readable format; JSON allows a site to load data quickly and allows other domains to pull up the information.

The hacker further claims to list the lawyers with the most Bar complaints, with the top spots crowded with South Florida lawyers (according to the list, a Deerfield Beach lawyer had 8 complaints).  UPDATE: A search of the Florida Bar directory search reveals that many on the list are disbarred.  The list does not necessarily reflect the number of complaints filed against the lawyer — these appear to be the publicly-available list of adverse Bar findings against the lawyer.

The data was released in a 7-zip compressed file which is hosted on a Russian domain associated with PBSOtalk.ru (that domain appears to be run by someone using the moniker, “Badvolf,” a reference to a Dr. Who episode).

The data dump includes a folder of a dozen .sql data files:

AttyAddress.sql

AttyBoardCert.sql

AttyyContactDetails.sql

AttyDiscipline.sql

AttyFedCourts.sql

AttyLanguages.sql

AttyMaster.sql

AttyNatBoardCerts.sql

AttyPracAreas.sql

AttySections.sql

AttyServices.sql

AttyStateCourts.sql

The “AttyMaster.sql” file, as its name suggests, is the largest file while three of the other files are negligible in size.

Someone by the name of “dissenter” appears to have begun to further distribute this information on Sunday, September 25, 2016 (see here and here).

The Florida Bar was notified on September 26, 2016.

This post will be updated once more information is available.  UPDATES are noted in bold/underline above.

 

Christopher B. Hopkins

Leave a Reply

Your email address will not be published. Required fields are marked *