250 K legal documents leaked: Owner never identified


A database containing 257 287 legal documents with some marked “not publishable” was left open without a password, so that a treasure trove of sensitive legal material could be accessed and downloaded by anyone on the Internet.

The database, which was left on-line for about two weeks, contained unpublished legal documents concerning the US court proceedings. “Cases are from 2002-2010, from across the[ America],” Bob Diachenko, Security Discovery Director of Cyber Threat Intelligence.

The leaked files are usually documents exchanged between the lawyers and the court before official versions are filed. The database included both public and non-public versions, showing a full history of how certain cases developed. “Most of the documents are public, but about 30-40% is ‘unpublished opinions’ or ‘not published’,” Diachenko said.


not-for-publication-docscredit: Bob Diachenko (supplied sample)

Even today, the source of these files remains uncertain. Diachenko said that for this data he identified two possible leaks. The first is the Lex Machina, division of legal software giant LexisNexis, a research firm in intellectual property, while the second is LexSphere, a subdivision of LexVisio that offers the legal outsourcing services of law firms and legal departments.

Diachenko stated that in an incident report published today, he only notified Lex Machina about the leaky server, because he first believed that the server belonged to it before finding the possible link with LexVision.

Eventually, the database was secured weeks later, but the researcher has never received a response, and it is not yet clear to whom the database still belongs. It may well be possible that the owner of the database simply realized that the server was publicly available and secured behind a firewall, where most of these internal databases are usually maintained.

The data base at the center of the leak was a ElasticSearch server that has been at the center of many similar leaks in the past, a technology that powers advanced search systems.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.