According to a bulletin posted on their website, the ABA states that they had noticed unusual activity on March 17. Immediately, they activated their incident response plan. Their investigation found that the threat actor had gained access around March 6.
According to the American Bar Association's post, "To be clear, the passwords were not exposed in plain text. They were instead both hashed and salted, which is a process by which random characters are added to the plain text password, which is then converted on the ABA systems into cybertext."
The ABA encourages members to change their credentials moving forward out of caution.