A public records website inadvertently published 260,000 confidential attorney discipline documents due to a security glitch within the State Bar of California’s case management system, not as a result of a malicious computer hack, officials said Monday.
The State Bar, in what was initially described as a “breach,” first discovered Friday that judyrecords.com had published the confidential documents along with about 60,000 public State Bar court cases.
The State Bar learned the documents were public after someone who had complained about an attorney told an investigator from its Office of Chief Trial Counsel about the judyrecords website. Judyrecords removed the documents on Saturday.
Judyrecords initially posted limited case profile information for approximately 260,000 nonpublic cases. The site owner has provided the State Bar with preliminary analytical data of its website traffic, showing approximately 1,000 unique page views by the public.
“We are working closely with judyrecords to firmly identify the cases which were actually viewed,” the State Bar said in an email.
“It is now the State Bar’s belief that there was no malicious hack of its system,” the agency said in a statement. “Instead, it appears that a previously unknown security vulnerability in the Tyler Technologies Odyssey case management portal allowed the nonpublic records to be unintentionally swept up by judyrecords when they attempted to access the public records, using a unique access method. The State Bar is working with Tyler Technologies, the maker of the Odyssey system, to remediate the security vulnerability, which we believe may not be unique to the State Bar’s implementation and could impact other users of Odyssey systems.”
Tyler Technologies did not respond Monday to a request for comment.
The State Bar and judyrecords are working together to ensure that the nonpublic records are permanently purged from the site and that public records remain available.
The State Bar Court website allows the public to search for publicly available case information. However, state law requires that all attorney disciplinary investigations remain confidential until formal charges are filed…