Researchers said that if accessed by malicious actors, this database would be “a gold mine” for spear-phishing and phishing campaigns, blackmail, identity theft and other nefarious activities.įor instance, scammers could target immigrants whose PII was part of the database, threatening deportation unless a ransom is paid. These could include cases pertaining to divorce (including child custody and visitation), domestic violence, the Child Protection Division (which handles protecting minors from abuse) and the Juvenile Justice Division (which handles crimes by minors).
Researchers said they presume these court documents were part of a specialized department or case workers within the Cook County courts who assisted those who did not speak English or who needed some type of help from the court.Īlso part of the database were various criminal-court records (labeled CRI) and family-court cases (labeled FAM). Wrapped up in the database were files labeled “IMM,” that researchers believed to be various immigration court records including various email addresses (related to USCIS accounts, which are used for citizenship and immigration services) and various court records that included names, case numbers, and case notes about the status or progress of the case (for instance, if the client needed a translator). The exposed court records, which were dated between 2012 to 2020, exposed both case plaintiffs and defendants “in a tone that was clearly aimed for internal use only and should not have been publicly exposed,” said researchers. The database appeared to be an internal record-management system, which was comprised of detailed data about the status of, or issues with, various cases.Ī redacted view of the database.
#Cook county court records public access full
“Nearly every record contained some form of personally identifiable information (PII) such as full names, home addresses, email addresses, case numbers and private details about the cases,” said researchers “Based on the potentially sensitive PII exposed, it was clear that this data was not meant to be public.” The database remained publicly exposed until this week on Monday, when it was secured and public access was restricted The researchers discovered the database on Sept. “The owner of the server was still unknown as of that day.”
#Cook county court records public access update
“On January 29th, 2021, the Cook County Bureau of Technology reached out to us to inform us that the server did not belong to the Cook County government,” said researchers with Website Planet in an update on Jan. The data is related to Cook County, home to the city of Chicago and which has 5.1 million residents (making it the second most populous county in the U.S., behind Los Angeles county), they said. Researchers from Website Planet (in conjunction with security researcher Jeremiah Fowler) said they don’t know who owns the exposed database in question. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases, related to a county in Illinois.
/cdn.vox-cdn.com/uploads/chorus_asset/file/10719405/proba.png "cook county court records public access")
A non-password protected database exposed 323,000 court records for at least four months, according to researchers.
0 kommentar(er)
