Criminal, Domestic Violence Case Info Exposed in Leak


A database that has been exposed since at least September contained sensitive criminal and family-court records related to Cook County, Ill.


A non-password-protected database exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases related to a county in Illinois.

Researchers from Website Planet (in conjunction with security researcher Jeremiah Fowler) said they don’t know who owns the exposed database in question. The data is related to Cook County, which is home to the city of Chicago and has 5.1 million residents (making it the second most populous county in the U.S., behind Los Angeles County), they said.

“On January 29th, 2021, the Cook County Bureau of Technology reached out to us to inform us that the server did not belong to the Cook County government,” said researchers with Website Planet in an update on Jan. 31. “The owner of the server was still unknown as of that day.”

The researchers discovered the database on Sept. 26. The database remained publicly exposed until Monday of this week, when it was secured and public access was restricted.

“Nearly every record contained some form of personally identifiable information (PII) such as full names, home addresses, email addresses, case numbers and private details about the cases,” said researchers. “Based on the potentially sensitive PII exposed, it was clear that this data was not meant to be public.”

The database appeared to be an internal record-management system containing detailed data about the status of, or issues with, various cases.


A redacted view of the database. Credit: Website Planet

The exposed court records, which were dated between 2012 and 2020, exposed both case plaintiffs and defendants “in a tone that was clearly aimed for internal use only and should not have been publicly exposed,” said researchers.

Wrapped up in the database were files labeled “IMM,” which researchers believed to be various immigration court records, including various email addresses (related to USCIS accounts, which are used for citizenship and immigration services) and various court records that included names, case numbers, and case notes about the status or progress of the case (for instance, if the client needed a translator).

Researchers said they presume these court documents belonged to a specialized department or to case workers within the Cook County courts who assisted those who did not speak English or who needed some type of help from the court.

Also part of the database were various criminal-court records (labeled CRI) and family-court cases (labeled FAM). These could include cases pertaining to divorce (including child custody and visitation), domestic violence, the Child Protection Division (which handles protecting minors from abuse) and the Juvenile Justice Division (which handles crimes by minors).

Verdict: Big Cyberattacks Possible

Researchers said that if accessed by malicious actors, this database would be “a gold mine” for spear-phishing and phishing campaigns, blackmail, identity theft and other nefarious activities.

For instance, scammers could target immigrants whose PII was part of the database, threatening deportation unless a ransom is paid. They could also blackmail families by threatening to leak their private information – relating to divorce or domestic abuse – if a ransom were not paid.

Unprotected databases continue to expose various types of sensitive information across the internet. Earlier in January, a misconfigured ElasticSearch database exposed more than 400GB of public and private profile data for 214 million social-media users from around the world – including details for celebrities and social-media influencers in the U.S. and elsewhere. And in September, a cloud misconfiguration at gaming-gear merchant Razer potentially exposed 100,000 customers to phishing and fraud.

This article was updated on Feb. 1 to reflect updates to the researchers’ report. The report erroneously alleged that Cook County owned the database. The report was updated to say that the current owner of the database is unknown.
