In a significant cybersecurity revelation, critical vulnerabilities were discovered in the GovQA platform, a tool extensively used by state and local governments across the U.S. to manage public records requests.
Independent researcher Jason Parker uncovered flaws that, if exploited, could have allowed hackers to access and download troves of unsecured files connected to public records inquiries. These files often contain highly sensitive personal information, including IDs, fingerprints, child welfare documentation, and medical reports.
The vulnerabilities in the GovQA platform, designed by IT services provider Granicus, have since been addressed with a patch deployed on Monday. However, the potential consequences of these flaws were severe. If exploited, hackers could have gained access to personally identifiable information submitted by individuals making public records requests.
This information, often including driver’s licenses and other verification documents, could be linked to the subjects of the requests, posing a significant privacy and security risk.
Granicus, responding to the findings, emphasized that the vulnerabilities did not constitute a breach of Granicus systems, GovQA, or any other part of applications or infrastructure.
The company classified the vulnerabilities as “low severity” but acknowledged the need to work
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: