Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

The US government says it’s been hacked — again

Arcturus could halve grid electrical losses using nano-infused metals

Lucid Motors CFO steps down as new CEO continues leadership shakeup

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    OpenAI proposed donating 5% of its equity to a US sovereign wealth fund

    2 July 2026

    SpaceX has a prototype AI device, and it sure sounds like a phone

    2 July 2026

    Meta, like SpaceX, appears to be turning AI overcomputation into cash

    1 July 2026

    The “Father of the Internet” is finally retiring

    1 July 2026

    Amazon launches new $1 billion FDE organization, following OpenAI and Anthropic

    30 June 2026
  • Apps

    Popular TV-watching app TV Time is shutting down as the company focuses on artificial intelligence

    2 July 2026

    WhatsApp usernames are already raising red flags of impersonation

    2 July 2026

    Gemini Spark, Google’s agent assistant, is now available on Mac

    1 July 2026

    Acti puts AI agents directly on your smartphone keyboard

    1 July 2026

    X now offers an MCP server to make its platform easier for AI tools to use

    30 June 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026

    South Korea’s tech giants pledge over $550 billion to ease ‘RAMageddon’

    30 June 2026

    Pocket raises $11M in bet on growing demand for AI note-taking devices

    29 June 2026

    Govee’s smart nugget ice maker makes every frozen drink feel like luxury

    28 June 2026
  • Media & Entertainment

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026

    Instagram looks set to take on streaming services with a longer, episodic and live format for its TV app

    22 June 2026
  • Security

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026

    Hacked Klue Says Criminals Are Deleting Stolen Customer Data, But Now Other Hackers Are Making Threats

    25 June 2026
  • Startups

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026

    Nvidia competitor Etched hits $5 billion valuation, $1 billion in AI chip sales

    1 July 2026

    Startup Battlefield Australia application closes in days: Apply before 6 July

    1 July 2026

    Clicks shows off its BlackBerry-inspired phone in a new hands-on video

    30 June 2026
  • Transportation

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026

    Wayve launches $85M employee offering at $8.5B valuation

    1 July 2026

    Blue Origin still doesn’t know why its New Glenn rocket blew up last month

    30 June 2026
  • Venture

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026

    How to invest when everything is moving too fast

    24 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Security flaws in court records systems used in five US states exposed sensitive legal documents
Security

Security flaws in court records systems used in five US states exposed sensitive legal documents

techtost.comBy techtost.com30 November 202307 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Security Flaws In Court Records Systems Used In Five Us
Share
Facebook Twitter LinkedIn Pinterest Email

Lists of witnesses and testimonials, mental health evaluations, detailed abuse complaints and company trade secrets. These are some of the sensitive court records that security researcher Jason Parker said he found exposed on the open Internet for anyone, and anyone but the judiciary themselves, to access.

At the heart of any court system is the court records system, the technology stack for submitting and storing legal filings for criminal trials and civil legal cases. Court records systems are often partially online, allowing anyone to search for and obtain public documents while limiting access to sensitive legal records where public exposure could jeopardize a case.

But Parker said some court records systems used across the U.S. have simple security flaws that expose sealed, confidential and sensitive but unredacted legal filings to anyone on the Web.

Parker told TechCrunch that they were contacted in September by someone who read their previous report documentation of a vulnerability in Bluesky, the new social network that emerged after the sale of Twitter to Elon Musk. The advocate told Parker that two US court records systems had vulnerabilities that exposed sensitive legal records to anyone on the Web. The tipster reported the errors to the affected courts, but said they heard nothing, Parker told TechCrunch on a call earlier this month.

Armed with the tipster’s findings, Parker went down a rabbit hole researching several affected court records systems. Parker then disclosed security flaws in at least eight court records systems used in Florida, Georgia, Mississippi, Ohio and Tennessee.

“The first document I saw was a judge’s order in a domestic violence case. The order was to grant name changes to the kids to basically protect them from the wife,” Parker told TechCrunch, talking about the reproduction of the first vulnerability. “Immediately my jaw went to the center of the earth and stayed that way for weeks.”

“The next document I found at the other court was a full mental health assessment. It was thirty pages into a criminal case and as detailed as you’d expect. it was from a doctor,” they added.

The bugs vary in complexity, but all could be exploited by anyone using just the developer tools built into any web browser, Parker said.

These types of so-called “client-side” bugs are exploitable with a browser because an affected system did not perform the proper security checks to determine who is allowed to access sensitive documents stored on them.

One of the bugs was as easy to exploit as incrementing a document number in the browser address bar of a Florida court records system, Parker said. Another bug allowed anyone to “automatically access without a password” a court records system by adding a six-letter code to any username, which Parker said they found as a clickable link in a Google search result.

With help from CERT/CC Vulnerability Disclosure Center and CISA Coordinated Vulnerability Disclosure Teamwho helped coordinate the disclosure of these flaws, Parker shared details nine total vulnerabilities with the affected sellers and the legal authorities in an effort to fix them.

What came back was a mixed bag of results.

Three technology vendors fixed the bugs in their respective court records systems, Parker said, but only two companies confirmed to TechCrunch that the fixes had taken effect.

Catalis, a government software technology company that makes CMS360, a court records system used by judicial authorities across Georgia, Mississippi, Ohio and Tennessee, has identified a vulnerability in a “separate secondary application” used by some court systems that allow the public, lawyers or judges to search CMS360 data.

“We have no files or logs indicating that confidential data was accessed through this vulnerability, and we have not received any such reports or evidence,” Eric Johnson, a Catalis executive, said in an email to TechCrunch. Catalis won’t say specifically whether it keeps the specific logs it would need to block improper access to sensitive court documents.

Software company Tyler Technologies said it has patched vulnerabilities in the Case Management Plus module of a court records system used exclusively in Georgia, the company told TechCrunch.

“We have been in contact with the security researcher and have confirmed the vulnerabilities,” Tyler spokeswoman Karen Shields said. “At this time, we have no evidence of discovery or exploitation by a bad actor.” The company did not say how it reached that conclusion.

Parker said Henschen & Associates, a local Ohio software developer that provides a statewide court records system called CaseLook, patched the vulnerability but did not respond to emails. Henschen president Bud Henschen also did not respond to emails from TechCrunch, nor did he confirm that the company had fixed the bug.

In their disclosure was published on Thursday, Parker also said they notified five counties in Florida through the state court administrator’s office. Florida’s five courts are believed to have developed their own court records systems in-house.

Only one county is known to have patched the vulnerability found in its system and prevented improper access to sensitive court records.

A photo of the Sarasota County Courthouse in Florida, one of the courthouses with an affected court records system. Image Credits: Independent Picture Service / Universal Images Group via Getty.

Sarasota County said it has patched a vulnerability in its court records system it calls ClerkNet that allowed access to documents by incrementing document sequence numbers. In a letter provided to TechCrunch When reached for comment, Sarasota County Clerk of District Court Karen Rushing said a review of access logs “did not reveal any incidents where sealed or confidential information was accessed.” The county disputed the existence of a second defect cited by Parker.

Given the simplicity of some of the vulnerabilities, it’s unlikely that Parker or the original tipster were the only people with knowledge of their exploitability.

The four remaining Florida counties have yet to acknowledge the flaws, report whether they have implemented fixes or confirm whether they have the ability to determine whether sensitive records were ever accessed.

Hillsborough County, which includes Tampa, would not say whether its systems were fixed after Parker’s disclosure. In a statement, Hillsborough County Clerk’s spokeswoman Carson Chambers said, “The confidentiality of public records is a top priority of the Hillsborough County Clerk’s office. There are many security measures in place to ensure that confidential court records can only be viewed by authorized users. We consistently apply the latest security enhancements to Clerk systems to prevent this.”

Lee County, which covers Fort Myers and Cape Coral, also would not say whether it had patched the vulnerability, but said it reserved the right to take legal action against the security researcher.

When reached for comment, Lee County Representative Joseph Abreu provided an identical statement to Hillsborough County, with the addition of a thinly veiled legal threat. “We interpret any unauthorized access, intentional or unintentional, as a possible violation of Chapter 815 of the Florida Statutes and may also result in civil litigation by our office.”

Representatives for Monroe County and Brevard County, in which Parker also filed vulnerability disclosures, did not respond to requests for comment.

For Parker, their research amounts to hundreds of unpaid hours, but represents only the tip of the iceberg of affected court records systems, noting that at least two other court records systems have similar unpatched vulnerabilities today.

Parker said they hope their findings will help make changes and spur improvements in the security of government technology applications. “Government technology is broken,” they said.

Read more at TechCrunch:


Zack Whittaker can be reached on Signal and WhatsApp at +1 646-755-8849 or via email. You can also contact TechCrunch via SecureDrop.

court courts cyber security documents exposed flaws legal records security security vulnerability sensitive states systems United States vulnerability
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleDrug discovery startup Pepper Bio hopes to challenge Eroom’s Law with new funding
Next Article This small French company wants to create the open alternative to Kindle and Kobo
bhanuprakash.cg
techtost.com
  • Website

Related Posts

The US government says it’s been hacked — again

2 July 2026

In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

29 June 2026

The Klue hack results in a data breach at several cybersecurity companies

26 June 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

The US government says it’s been hacked — again

2 July 2026

Arcturus could halve grid electrical losses using nano-infused metals

2 July 2026

Lucid Motors CFO steps down as new CEO continues leadership shakeup

2 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Arcturus could halve grid electrical losses using nano-infused metals

Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

Nvidia competitor Etched hits $5 billion valuation, $1 billion in AI chip sales

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.