image
A non-password protected database, belonging to a county in Illinois, exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases. Researchers from Website Planet (in conjunction with security researcher Jeremiah Fowler) alleged the database was owned by Cook County, home to the city of Chicago and which has 5.1 million residents (making it t second most populous county in the U.S., behind Los Angeles county). The researchers discovered the database on Sept. 26, and notified the Cook County CTO of the exposure soon after. However, the database remained publicly exposed until this week on Monday, when it was secured and public access was restricted. “Nearly every record contained some form of personally identifiable information (PII) such as full names, home addresses, email addresses, case numbers and private details about the cases,” said researchers with Website Planet on Tuesday. “Based on the potentially sensitive PII exposed, it was clear that this data was not meant to be public.” The database appeared to be an internal record-management system, which was comprised of detailed data about the status of, or issues with, various cases. A redacted view of the database. Credit: Website Planet It’s unclear which specific part of the county managed the database (Threatpost has reached out to Website Planet for further comment)….

Source