Donate
Kevin Riford
What began as a routine search through Niagara County’s online court records turned into something far more disturbing: the discovery that Social Security numbers — were publicly accessible through the county’s online database.
I wasn’t hacking anything. I wasn’t bypassing security. I simply used the system exactly as it was intended to be used.
The records were available through Niagara County’s Search IQS system, an online portal used to access public court filings. Like many Americans, I assumed social security numbers inside these records would already be redacted before becoming publicly accessible. That assumption turned out to be dangerously wrong.
source: “Personal Access Prompts County Records Change.” Yahoo News, 21 May 2026, https://www.yahoo.com/news/personal-access-prompts-county-records-111900926.html
While reviewing filings, I discovered documents containing unredacted Social Security numbers. The information was visible to anyone with access to the records system. No special privileges. No advanced technical knowledge. Just a search bar and publicly available documents.
After realizing what I had found, I contacted local media outlets to bring attention to it. The goal was simple: force immediate action before more people’s social security numbers were exposed.
Soon after the issue became public, Niagara County officials restricted online access to criminal court records and acknowledged that sensitive data had been exposed. County officials stated they found no evidence of a cyberattack or intentional breach but confirmed that improperly redacted filings had made their way into the system.
For years, privacy advocates and cybersecurity experts have warned that county databases often contain social security numbers buried inside PDFs, scanned filings, and court submissions.
The result is a quiet but widespread vulnerability hiding in plain sight.
What happened in Niagara County should serve as a warning to every municipality operating online public records systems. If one county’s database contained exposed social security numbers how many others do too?
Public access to government records is important. Transparency matters. But transparency should never come at the expense of exposing hundreds of social security numbers.
This issue deserves more than temporary fixes and public reassurances. It requires independent audits, stronger redaction standards, automated detection systems for social security numbers, and accountability from both software vendors and public agencies.
I am left wondering how many people Niagara County actually notified that their social security number was compromised. I found hundreds of exposed social security numbers and documented this for journalistic purposes. Below are just a few, but there are many, many more. I’ve redacted the social security numbers.
I found the problem by accident. The next person might not report it. ‘
While I have hundreds of examples, below are just a few.
Example 1.)
Pictured: Niagara County District Attorney’s Office fails to redact social security number of Townsend
Example 2.)
Pictured: Niagara County Sheriff’s Office fails to redact social security number of Tracy and Demler.
Example 3.)
Pictured: Niagara County fails to redact social security number of Hopkins.
Example 4.)
Pictured: Niagara County fails redact social security number of Donner.
Example 5.)
Pictured: Niagara County again fails to redact social security number of Sullivan.
Example 6.)
Pictured: Niagara County once again fails redact the social security number, this time of Tomasino.
Example 7.)
Example 8.)
