A recent discovery has shed light on vulnerabilities in a popular tool used by state and local governments to manage public records requests. The tool, called GovQA and designed by IT services provider Granicus, contained flaws that could have allowed hackers to access unsecured files containing highly sensitive personal information.

The vulnerabilities, which have since been fixed, could have enabled hackers to not only download troves of unsecured files tied to records inquiries, but also to trick the system into letting individuals edit or change the metadata of records requests without administrators knowing.

Independent cybersecurity researcher Jason Parker uncovered these flaws and reported them to Granicus and the Cybersecurity and Infrastructure Security Agency (CISA). While Granicus has confirmed that the vulnerabilities did not result in a breach of their systems, the potential risk posed by these flaws is significant.

The flaws in the GovQA platform could have exposed personal information such as IDs, fingerprints, child welfare documentation, and medical reports. These vulnerabilities were centered on access to data within anonymous Freedom of Information Act requests, allowing bad actors to obtain personally identifying verification information submitted by requesters.

The company has taken steps to address the vulnerabilities and is working with customers to minimize the information collected and disclosed in the records request process. Despite Granicus assessing the vulnerabilities as “low severity,” cybersecurity experts have expressed concerns about the potential impact of these flaws.

The discoveries made by Parker highlight the ongoing challenges faced by state and local governments in securing sensitive data. The incidents also underscore the importance of implementing robust cybersecurity measures to protect sensitive information from being exploited by malicious actors.


Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles