"Flaws in Public Records Management Tool Could Let Hackers Nab Sensitive Data Linked to Requests"
According to Jason Parker, an independent cybersecurity researcher, a popular tool used by many state and local governments to manage public records requests had flaws that could have enabled hackers to download unsecured files associated with records inquiries, including personal information such as IDs, fingerprints, medical reports, and more. The vulnerabilities could have also let hackers trick the system into allowing individuals to edit or change the metadata of records requests without administrators' knowledge. The GovQA platform, designed by the Information Technology (IT) services provider Granicus, is a public records querying system used by hundreds of government management centers in the US to help offices sort records delivered to requesters via official public access channels. This article continues to discuss the discovery of vulnerabilities in the GovQA platform.
Submitted by grigby1