Illinois Court Exposes More Than 323,000 Sensitive Records

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County Court


On September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U.S., with a population in excess of 5 million people.


The records contained PII such as full names, home addresses, email addresses, and court case numbers, WebsitePlanet together with researcher Jeremiah Fowler, said.  More worryingly, they also contained notes on the status of both the case and the individuals concerned. The case type seems to have been categorized by indicators such as IMM (probably ‘immigration’), FAM (probably ‘family’), and CRI (probably ‘criminal’). The data was in plaintext, and internet access had no restrictions. The content could be accessed, downloaded, altered or deleted by anyone with an internet connection.


On the day of discovery, a Saturday, WebsitePlanet informed the Cook County CTO about the exposure. Early the following Monday, the database was secured and public access restricted. It was exposed for at least the best part of two days, but there is no indication on how long the database may have been available online prior to WebsitePlanet’s discovery.


The researchers received no response from the Cook County CTO, so there is no guarantee that the database actually belonged to Cook County. However, the timing of disclosure and remediation makes it highly likely. Similarly, with no response from Cook County, there is no way to determine whether the database had been accessed by people with criminal intent. However, it is worth assuming that if researchers can discover a misconfigured database, so can hackers. Criminals who may have accessed the database would have found a treasure trove of actiona ..

Support the originator by clicking the read the rest link below.