Cyber-Data Incident at myWSBA.org
Update: As of Dec. 10, 2020, myWSBA.org and its associated functions—online licensing, CLE registration, MCLE reporting, the Legal Directory, and more— are now back up and running. While speed was certainly a top priority, it was necessary to thoroughly review the site and ensure it was restored securely. It was also necessary to determine whether any member transactions may have been affected, and we are in the process of notifying those members. If you have any questions, please email DataSecurity@wsba.org.
We recently discovered a potential data security incident involving our website myWSBA.org. As a precaution, the myWSBA.org portal is currently offline, causing disruptions for members who want to login into their Fastcase and/or Casemaker accounts, purchase a CLE product, pay their license fee, and report MCLEs. We are working quickly to reestablish access. We expect the site to be available again soon.
Legal Research
Casemaker has established a temporary login for members — go to casemakerlegal.com and for email address enter: wsbaorg@casemakerlegal.com and password: Winter2020 until we reestablish connection.
Fastcase has established a temporary login for members. Login here, and enter username: WSBA and password: Winter2020
Background
We discovered Monday, Nov. 16, that malicious code that targets credit card numbers was introduced to our website myWSBA.org. We do not yet know if the cybercriminals successfully accessed any credit card numbers. As our investigation continues, we will notify any potentially affected individuals if and when we discover that their credit card information was stolen. As a precaution, we are asking anyone who purchased a CLE product or paid their license fee at myWSBA.org in the past year to monitor their credit card for potential fraudulent activity. If you see transactions that you did not perform, contact your financial institution immediately.
Our IT Department is actively working to resume operations securely as soon as possible. We are also investigating the extent of the malicious code, including the timeline of when it was activated.
Again, we are erring on the side of caution in notifying membership widely and early on because we believe it is better to be informed and vigilant, even as we continue to look for evidence of any data compromise.
Thank you for your patience. We hope to relaunch myWSBA.org—safely and securely—as soon as possible.
If you have questions, email DataSecurity@wsba.org.
