Search This Blog

Cook County’s Court Related Records Exposed

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court.


The WebsitePlanet research group in collaboration with Security Researcher Jeremiah Fowler found a non-password protected database that contained more than 323,277 court-related records. Upon further investigation, the researchers found that the records were completely identified with Cook County, Illinois, the second-most populous region in the United States after Los Angeles County.

As per the research group, nearly every record, which dated back to 2012 and as far as possible up to 2020, contained some type of personally identifiable information (PII), for example, complete names, home addresses, email addresses, case numbers, and private insights regarding the cases. The database seemed, by all accounts – to be an inside record management system that contained point by point notes about case status or issues with the cases or people. The case type appears to have been sorted by markers, for example, IMM (likely ‘immigration’), FAM (presumably 'family'), and CRI (most likely 'criminal'). The information was in plaintext, and web access had no limitations. The content could be accessed, downloaded, altered, or erased by anybody with an internet connection. 

The researchers quickly reached the Cook County CTO. The database was secured days after the fact. It is unclear, however, if the affected people were advised about the data exposure or on the off chance that they were educated about the danger of how this data could be utilized to possibly target them. The researchers state, "We could not find any reference to a public notice of a data breach of court records. No one replied to our responsible disclosure notice, phone voice message, or a follow-up email, so we were unable to know exactly what these records were used for or the full extent of the exposure." 

WebsitePlanet postulates that the database may have had a place with a specialist Cook County department of caseworkers working with individuals who required extra assistance. Nearly by definition, everyone included inside the database could be delegated ‘vulnerable’ and a practical objective for scammers. The data contained – would give various ways to deal with such assaults. Assaults could go from identity theft to blackmail.
Share it:

Cook County

Personal Data

Vulnerabilities and Exploits