1. Forum
  2. USENET
  3. alt.privacy

  • Bug in jury systems used by several US states exposed sensitive personal data

    From Nomen Nescio@nobody@dizum.com to alt.comp.os.windows-10, alt.privacy, alt.privacy.anon-server, comp.os.linux.advocacy on Sat Nov 29 11:00:00 2025
    From Newsgroup: alt.privacy

    Several public websites designed to allow courts across the United States
    and Canada to manage the personal information of potential jurors had a
    simple security flaw that easily exposed their sensitive data, including
    names and home addresses, TechCrunch has exclusively learned.

    A security researcher, who asked not to be named for this story, contacted TechCrunch with details of the easy-to-exploit vulnerability, and
    identified at least a dozen juror websites made by government software
    maker Tyler Technologies that appear to be vulnerable, given that they run
    on the same platform.

    The sites are all over the country, including California, Illinois,
    Michigan, Nevada, Ohio, Pennsylvania, Texas, and Virginia.

    * * *

    This is not the first time Tyler left sensitive personal data exposed on
    the internet. In 2023, a security researcher found that, due to a separate security flaw, some U.S. online court record systems exposed sealed, confidential, and sensitive data, such as witness lists and testimony,
    mental health evaluations, detailed allegations of abuse, and corporate
    trade secrets.

    In that case, Tyler fixed vulnerabilities in its Case Management System
    Plus product, which was used across the state of Georgia.

    Two other government technology providers were exposing data in that case: Catalis, through its CMS360 product, a system used across several U.S.
    states; and Henschen & Associates, through its CaseLook court record
    system, used in Ohio.

    https://techcrunch.com/2025/11/26/bug-in-jury-systems-used-by-several-us- states-exposed-sensitive-personal-data/

    * * *

    Tyler Technologies Ransomware Attack: $1.5M In Lost Revenue


    Government software and IT service provider Tyler Technologies ($TYL) lost about $1.5 million in services revenue because of a ransomware attack in September, the company disclosed in its Q3 2020 earnings report on
    November 4.

    MSSP Alert first reported details about the Tyler Technologies ransomware attack on September 25. After the attack, Tyler Technologies warned that
    some of its customers had reported suspicious logins, Reuters notes.

    Tyler hired third-party cybersecurity investigators to assist with the recovery efforts, though the government software provider did not disclose digital forensics firm(s) by name or any specific MSSP (managed security services provider) engagements.

    Tyler provides software services for everything from jail and court
    management systems to payroll, human resources, tax and bill collection
    and land records, the Associated Press notes. Amid the attack, Tyler was
    quick to point out that none of its products are a system of record for
    voting or election-related activities.

    https://www.msspalert.com/news/tyler-technologies-recovery-details

    --- Synchronet 3.21a-Linux NewsLink 1.2