Tyler Technologies is scrambling to patch a critical vulnerability in its jury management systems after TechCrunch discovered the flaw exposed sensitive personal data of jurors across at least a dozen US states. The bug allowed anyone to brute-force access to names, addresses, phone numbers, and even health information through a simple numerical guessing attack.
A devastating security flaw in Tyler Technologies jury management platforms has left thousands of potential jurors' personal information exposed across the United States, TechCrunch has learned exclusively. The vulnerability affects at least a dozen court systems spanning California, Illinois, Michigan, Nevada, Ohio, Pennsylvania, Texas, and Virginia.
The attack method was surprisingly simple. Jurors receive sequential numerical identifiers to access their portals, but Tyler's systems lacked basic rate-limiting protections. This meant anyone could systematically guess login credentials by trying consecutive numbers, eventually gaining access to complete juror profiles.
"A vulnerability exists where some juror information may have been accessible via a brute force attack," Tyler spokesperson Karen Shields confirmed to TechCrunch after the company was alerted on November 5th.
The exposed data goes far beyond basic contact information. TechCrunch viewed a Texas county portal containing full names, birth dates, occupations, email addresses, cell numbers, and both home and mailing addresses. But the real privacy nightmare lies in the jury questionnaires themselves.
These mandatory forms collect intensely personal details: ethnicity, education level, employer information, marital status, number of children, citizenship status, and criminal history. The system also captured medical exemption requests, potentially exposing sensitive health conditions that jurors believed would disqualify them from service.
The timing couldn't be worse for Tyler Technologies, which serves as the backbone for government operations across thousands of jurisdictions. The company's software manages everything from court records to tax collection, making it a prime target for cybercriminals seeking personal data.
This incident marks Tyler's second major security failure in just two years. In 2023, researchers discovered Tyler's Case Management System Plus exposed sealed court documents, witness testimony, mental health evaluations, and trade secrets across Georgia's court system. That breach also affected competitors Catalis and Henschen & Associates.
