Criminal, Domestic Violence Case Info Exposed in Cook County Leak

A non-password protected database, belonging to a county in Illinois, exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases.

Researchers from Website Planet (in conjunction with security researcher Jeremiah Fowler) alleged the database was owned by Cook County, home to the city of Chicago and which has 5.1 million residents (making it t second most populous county in the U.S., behind Los Angeles county).

The researchers discovered the database on Sept. 26, and notified the Cook County CTO of the exposure soon after. However, the database remained publicly exposed until this week on Monday, when it was secured and public access was restricted.

“Nearly every record contained some form of personally identifiable information (PII) such as full names, home addresses, email addresses, case numbers and private details about the cases,” said researchers with Website Planet on Tuesday. “Based on the potentially sensitive PII exposed, it was clear that this data was not meant to be public.”

The database appeared to be an internal record-management system, which was comprised of detailed data about the status of, or issues with, various cases.

A redacted view of the database. Credit: Website Planet

It’s unclear which specific part of the county managed the database (Threatpost has reached out to Website Planet for further comment). Cook County’s website lists the Clerk of the Circuit Court as being in charge of court records and archives, child-support assistance, divorce records and court eFilings.

The exposed court records, which were dated between 2012 to 2020, exposed both case plaintiffs and defendants “in a tone that was clearly aimed for internal use only and should not have been publicly exposed,” said researchers.

Wrapped up in the database were files labeled “IMM,” that researchers believed to be various immigration court records; including various email addresses (related to USCIS accounts, which are used for citizenship and immigration services) and various court records that included names, case numbers, and case notes about the status or progress of the case (for instance, if the client needed a translator).

Researchers said they presume these court documents were part of a specialized department or case workers within the Cook County courts who assisted those who did not speak English or who needed some type of help from the court.

Also part of the database were various criminal-court records (labeled CRI) and family-court cases (labeled FAM). These could include cases pertaining to divorce (including child custody and visitation), domestic violence, the Child Protection Division (which handles protecting minors from abuse) and the Juvenile Justice Division (which handles crimes by minors).

Verdict: Big Cyberattacks Possible

Researchers said that if accessed by malicious actors, this database would be “a gold mine” for spear-phishing and phishing campaigns, blackmail, identity theft and other nefarious activities.

For instance, scammers could target immigrants whose PII was part of the database, threatening deportation unless a ransom is paid. They could also blackmail families that they would leak their private information – relating to divorce or domestic abuse –if a ransom were not paid.

Unprotected databases continue to expose various types of sensitive information across the internet. Earlier in January, a misconfigured ElasticSearch database exposed more than 400GB of public and private profile data for 214 million social-media users from around the world – including details for celebrities and social-media influencers in the U.S. and elsewhere. And in September, a cloud misconfiguration at gaming-gear merchant Razer potentially exposed 100,000 customers to phishing and fraud.

Threatpost has reached out to Cook County for comment.

Download our exclusiveFREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story andDOWNLOAD the eBook now** – on us!**