A recent discovery has revealed a security vulnerability in the jury management systems created by Tyler Technologies, which are used by various U.S. states. The flaw exposed sensitive personal information of jurors, including their names, addresses, emails, and phone numbers. According to TechCrunch, the vulnerability allowed easy access to this data through several publicly accessible websites designed for managing juror information across the U.S. and Canada.
The issue, brought to light by a security researcher, highlighted that multiple juror websites operated by Tyler Technologies were at risk due to a common flaw in the platform. These affected sites spanned states such as California, Illinois, Michigan, Nevada, Ohio, Pennsylvania, Texas, and Virginia.
Tyler Technologies promptly responded to the matter after being informed, stating that they are actively working to address the vulnerability and enhance security measures across their platforms. The flaw in the system allowed unauthorized individuals to access details of selected jurors by exploiting the login process, which lacked proper rate-limiting controls.
The exposed information included jurors’ personal details like full names, dates of birth, occupations, contact details, and even responses from qualification questionnaires. This incident underscores the critical importance of robust security protocols in managing sensitive data within legal systems.
Source: TechCrunch