Court recording biz with clients EVERYWHERE has forums breached
Transcripts untouched thanks to forum and user password mismatch
Australian court transcription company "For The Record" – which bills itself as "The No.1 digital evidence recording platform in the world" and says its products are "used in courtrooms throughout North America, Europe and Asia" – has had its forum hacked.
The firm is used by the likes of the Victorian and NSW Supreme courts to record and archive session audio streams. Australia's Parliament uses the company's wares, as do many courts across the world.
The company told Vulture South the breach, in which some posts were accessed, did not affect its software, adding passwords are hashed with the albeit weak MD5 algorithm.
"The site’s registered users have been advised that some names and email addresses as well as forum posts on the site have been accessed by an unauthorised third party," the company said in a statement to The Register.
"The FTR (For The Record) production system, client data and financial information have not been compromised and remain fully operational.
"The FTR Community site has been taken off line while a full audit of security is conducted."
Members have been asked to reset passwords.
The breach sparked initial fears that sensitive court audio records could be exposed. It is unclear how the impact of user password re-use could affect the systems which offer encryption via AES 128 for audio files.
Shelston IP copyright lawyer Mark Vincent, while unfamiliar with the software, suggested the impact of any breach of recorded court audio in Australia could be restricted to instances where normal public transparency is confined, such as where media gag orders are applied.
The breach comes on the heels of a US$15 million investment by US public sector tech firm Tyler Technologies in Record Holdings.
The holdings firm also owns 'leading' Australian transcription company Auscript that records 2.2 million pages a year. Auscript is not impacted by the breach.
Concerned users should ensure passwords do not match those used on the forums. ®
Sponsored: Becoming a Pragmatic Security Leader