19 U.S. government and court platforms exposed to cyberattacks

Photo: Katrin Bolovtsova | Pexels

A recent string of cybersecurity vulnerabilities in the United States has exposed severe weaknesses in 19 digital platforms, including Inmate Management, Court Case Management Plus, and CMS360, which are used by government agencies and courts to manage sensitive public records and legal documents. These flaws allow attackers to easily access and manipulate confidential information, raising serious concerns about the security of personal data and the integrity of the judicial process in the country.

These government platforms, crucial in managing everything from public records to legal filings, are designed to ensure transparency and trust. However, such security flaws across these systems suggest a much darker reality.

The vulnerabilities highlight that attackers — often with minimal technical skill — could compromise personal data, legal filings, and even voters’ rights, casting doubt on the reliability of these platforms.

From weak access controls to poor input validation, various issues make these platforms highly vulnerable. In multiple instances, platforms relied on predictable user IDs or inadequate authentication steps, enabling attackers to escalate their privileges, view confidential data, or alter legal filings.

A glaring example comes from Georgia, where the state’s voter registration cancellation portal allowed attackers to submit requests using basic public information, such as name and birthdate.

With no additional safeguard in place, voter registrations could be canceled, compromising citizens’ privacy and voting rights.

Another troubling vulnerability was in Granicus GovQA, a widely used platform for managing public records. Attackers could reset passwords without verifying user identities and even manipulate web addresses to gain access to usernames and email addresses.

These exploits could give attackers control over sensitive documents and lock legitimate users out, raising concerns about unauthorised changes to public records.

The Thomson Reuters C-Track eFiling system, used in court systems, also exhibited dangerous flaws. By manipulating specific fields during the registration process, attackers could elevate their status to that of a court administrator, giving them access to sensitive legal data.

Similar vulnerabilities were found across court systems in Florida. Attackers could access restricted court records by guessing document IDs or manipulating cookies.

The exposed data included sealed documents, mental health evaluations, and witness lists.

Another vulnerability, in the Superior Court eFiling system of Maricopa County, Arizona, allowed attackers to exploit API endpoints, accessing restricted legal documents by simply guessing user IDs.

Similarly, platforms like Catalis EZ-Filing, used across Georgia and South Carolina, revealed personal details such as names, addresses, and contact information. In some cases, attackers could even access sealed court documents, including highly sensitive mental health reports.

Currently, there is no indication that these flaws are being exploited in the wild, reports Ars Technica.

“Fixing these issues requires more than just patching a few bugs. It calls for a complete overhaul of how security is handled in court and public record systems,” says the security researcher. “To prevent attackers from hijacking accounts or altering sensitive data, robust permission controls must be immediately implemented, and stricter validation of user inputs enforced.”

Organisations should do regular security audits and penetration testing, adopt multi-factor authentication, and provide adequate training to IT staff.
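
As an added illustration (not code from the article, the researcher, or any of the vendors named), the sketch below shows the two controls the researcher calls for: a server-side permission check on every document request, and strict validation of registration input so that a client cannot choose its own role. The document store, user names, role names and function names are all hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    pass

@dataclass(frozen=True)
class Document:
    parties: frozenset   # user IDs attached to the case
    sealed: bool
    body: str

# Constructed sample data; sequential IDs mirror the guessable identifiers described above.
DOCS = {
    1001: Document(frozenset({"alice"}), False, "motion to dismiss"),
    1002: Document(frozenset({"bob"}), True, "mental health evaluation"),
}
USERS = {"alice": {"role": "filer"}, "clerk1": {"role": "court_admin"}}

def get_document_weak(session_user, doc_id):
    # Weak pattern: being logged in is treated as permission for any ID.
    return DOCS[doc_id].body

def get_document(session_user, doc_id):
    """Object-level authorization: decided per document and per caller, on the server."""
    doc, user = DOCS.get(doc_id), USERS.get(session_user)
    if doc is None or user is None:
        raise Forbidden("not found")   # same answer for missing and denied
    if user["role"] == "court_admin":
        return doc.body
    # In this sketch sealed filings are visible to court administrators only.
    if doc.sealed or session_user not in doc.parties:
        raise Forbidden("not found")
    return doc.body

ALLOWED_FIELDS = {"username", "email"}   # the only fields a client may set

def register(form):
    """Allow-list the input; the role is assigned by the server, never read from the form."""
    unexpected = set(form) - ALLOWED_FIELDS
    missing = ALLOWED_FIELDS - set(form)
    if unexpected or missing:
        raise ValueError(f"rejected: unexpected={sorted(unexpected)} missing={sorted(missing)}")
    if form["username"] in USERS:
        raise ValueError("rejected: username taken")
    USERS[form["username"]] = {"role": "filer", "email": form["email"]}
    return USERS[form["username"]]
```

Credential handling and multi-factor authentication are left out to keep the focus on authorization and input validation.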

Here is a full list of all 19 affected platforms:

| No. | Vendor | Platform |
|-----|--------|----------|
| 1 | BluHorse | Inmate Management |
| 2 | Tyler Technologies | Court Case Management Plus |
| 3 | Catalis | CMS360 |
| 4 | Henschen | CaseLook |
| 5 | Brevard County, Florida | In-house |
| 6 | Hillsborough County, Florida | In-house |
| 7 | Lee County, Florida | In-house |
| 8 | Monroe County, Florida | In-house |
| 9 | Sarasota County, Florida | In-house |
| 10 | Granicus | eFiling |
| 11 | Granicus | GovQA |
| 12 | Catalis | EZ-Filing v3 |
| 13 | Catalis | EZ-Filing v4 |
| 14 | Maricopa County, Arizona | eFiling |
| 15 | NYPD | Officer Profile Portal |
| 16 | Granicus | eFiling |
| 17 | Thomson Reuters | C-Track |
| 18 | Granicus | GovQA |
| 19 | Georgia Secretary of State | Voter Cancellation |

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
