Data Security

Nearly 39M legal records leaked by misconfigured database

Share
Cyber law, digital justice scales

California-based legal support services company Rapid Legal had more than 38.6 million records exposed by a misconfigured database that lacked any password protection, according to Hackread.

Further investigation of the leaked 38 TB dataset revealed links to another storage repository with 89,475 records belonging to backend technology provider Legal Connect, which shares the same parent firm as Rapid Legal, a report by cybersecurity researcher Jeremy Fowler published on vpnMentor found. Included in the exposed data were case documents, notices, filed documents, declarations, exhibit evidence, receipts, judgments, and case files between 2009 and 2024, as well as a "Payments" folder with 737,389 .jsn files containing names, addresses, and the last four digits of credit card numbers. Nearly 146,000 signed customer service deals have also been leaked. All exposed databases had already been secured, said Fowler, who also noted that there has been no indication of any misuse of the compromised information so far.