A Public Court Docket Exposed a Social Security Number
Discovered by a Civilian, Still Online After Notice
By Aaron Knapp
Investigative Journalist
Founder and Editor, Unplugged with Knapp
Knapp Unplugged Media LLC
What Was Found and Why It Matters
This story is not about repeating sensitive personal information. It is about documenting a failure of basic data stewardship by a public institution entrusted with some of the most sensitive information citizens are ever required to provide. It is about how that information was made publicly accessible through a government system and remained accessible even after the court was notified of the exposure.
An anonymous source contacted us after independently reviewing publicly available records through the Lorain County Clerk of Court’s online e-services docket system. While browsing older criminal cases, the source observed something that should never appear on a public website. A full nine digit Social Security number was displayed in plain text as part of a publicly accessible docket entry, visible without authentication, restriction, or warning.
The issue is not the number itself. The issue is that a government-operated system exposed it to the public at all.
We are not publishing the number. We will not reproduce it. That decision is deliberate. Reprinting a Social Security number, even in the course of reporting on its improper disclosure, would be unethical and would extend the very harm this story documents.
According to the source, this was not an isolated incident. After encountering the first exposure, they continued reviewing similar cases and reported that the same issue appeared elsewhere. As the source stated plainly, without embellishment or inference, “there were others.”
Context Matters: Why This Is Not a Minor Error
It is impossible to view this exposure in isolation from Lorain County’s broader public records practices.
For years, residents, journalists, and advocates have been told that records cannot be released because of speculative privacy concerns, security rationales, or administrative burden. Requests have been delayed, denied, or heavily redacted over materials far less sensitive than a full Social Security number. In some cases, records have been withheld on the assertion that disclosure might create risk, even when the law clearly favors release.
That is what makes this incident so stark.
Here, the most sensitive identifier a person can be compelled to provide was placed in plain view on a public court docket and remained there not only for years, but for hours after the court was notified. No balancing test was applied. No immediate lockout occurred. No emergency response was evident.
If the County can deny or delay records requests over hypothetical harm, while simultaneously allowing actual harm to persist in its own systems after notice, then the issue is not capacity. It is prioritization.
This is not a question of whether mistakes happen. It is a question of why extraordinary caution is invoked to block public oversight, while extraordinary urgency was absent when real people were placed at real risk.
From the public’s perspective, that contradiction is difficult to reconcile. From a governance perspective, it is unsustainable.The Case and the Time Frame
The screenshots reviewed for this article identify the case as State of Ohio v. Rodney N.J.A. Pluck, Lorain County Court of Common Pleas case number 00CR056847.
The case was filed on November 7, 2000. The docket reflects multiple miscellaneous hearings spanning late 2000 and early 2001, after which the matter was closed. On its face, this is an old case, one that should have long since faded into administrative history.
It did not.
The docket also reflects an expungement event in May 2019, a critical fact that fundamentally changes how this record should have been handled. Expungement is not merely a procedural footnote. It is an affirmative legal act intended to remove or restrict access to case information and to prevent continued public exposure of records tied to the case.
Despite that expungement, the public docket continued to display an entry dated November 7, 2000 labeled as “SSN Information” that included a full Social Security number associated with a party in the case and visible through the Clerk of Court’s publicly accessible online portal.
The fact that a full Social Security number remained publicly visible nearly two decades after the case closed and years after an expungement is the failure that matters.
Again, we are deliberately not reproducing the number. The exposure itself is the story.
How This Was Found
This exposure was not identified by the Lorain County Clerk of Court. It was not detected through any automated safeguard designed to prevent the release of protected personal information. It was not flagged during the expungement process, despite the purpose of expungement being to restrict continued public access to case data. It was not uncovered through any internal audit or compliance review.
It was discovered by a civilian.
The source was not conducting an investigation on behalf of the court, was not performing a technical audit, and did not have privileged access. They were doing exactly what members of the public are encouraged and entitled to do, browsing publicly available court records through the county’s own online docket system. In the course of that routine review, they encountered a full Social Security number displayed in plain text on a public docket entry.
Recognizing the seriousness of what they were seeing, the source notified the court. That action was responsible and appropriate. However, notification alone does not reverse the harm already caused by public disclosure.
Once sensitive personal data is made available on the open internet, it cannot be un-seen. It cannot be reliably un-copied. It cannot be fully removed from caches, archives, or third-party indexing systems. The exposure occurs at the moment of public availability, not at the moment of later correction.
Update: As of 9:45 PM Yesterday, the Information Remained Publicly Accessible
This story requires an explicit update because the circumstances materially changed after the court was notified.
After notice was given regarding the public exposure of a Social Security number on a court docket, the record was checked again at 9:45 PM yesterday. At that time, the sensitive information was still publicly accessible through the Lorain County Clerk of Court’s online system.
That fact is not incidental. It is dispositive.
At that point, this ceased to be a legacy data issue discovered long after the fact. It became an active and ongoing exposure continuing after the responsible public office had actual notice of the problem.
The timestamp matters because it marks the point at which the exposure was no longer accidental, but persisted through inaction.
Once a public office is aware that protected personal information is being disclosed through its systems, the failure is no longer passive or historical. Each additional hour the information remains visible compounds the harm and increases the risk of misuse, copying, caching, or third-party indexing.
Why This Likely Occurred
The structure and formatting of the docket entry strongly indicate that this exposure resulted from legacy data handling practices, not a recent clerical mistake or isolated keystroke error.
In the late 1990s and early 2000s, it was common for courts to store Social Security numbers and other sensitive identifiers directly within internal case management systems for administrative tracking and identity verification. Those systems were designed for closed internal use. They were not built with public internet access in mind, and they did not distinguish cleanly between internal data fields and information intended for public display. Party identifiers, backend notes, and docket text were often functionally interchangeable.
When legacy case data is later migrated or made viewable through a public-facing web portal without a comprehensive retrospective redaction review, those internal fields can surface exactly as they were entered decades earlier. The system does not recognize the sensitivity of the data because, at the time it was created, it was never meant to be seen outside the courthouse.
One detail visible in the screenshots is especially telling, the use of internal party identifiers rather than public-facing labels. That is a hallmark of backend database content being rendered directly to the public interface without sufficient filtering or masking. It points to a system-level failure, not a one-off human error.
The presence of a 2019 expungement makes this failure more serious, not less. Expungement is intended to remove or meaningfully restrict public access to case information. The continued public display of a Social Security number years after an expungement strongly suggests that the expungement process affected case status metadata while leaving legacy docket text untouched.
“There Were Others” and What That Means
The anonymous source who provided the screenshots stated that the case discussed here was not the only instance in which they observed unredacted sensitive information while reviewing older court records through the Lorain County Clerk of Court’s public docket system.
At this time, we have independently verified the screenshots associated with the specific case described in this article. We have not published any Social Security numbers and will not do so. The decision not to reproduce those identifiers is deliberate and grounded in basic ethical reporting standards.
The source’s statement that “there were others” is not presented as a conclusive finding about the full scope of the problem. It is presented as a credible observation made during routine public access to court records. That distinction matters. The statement does not accuse. It raises a question the institution itself is uniquely positioned to answer.
What that statement means in practical terms is this: if one publicly accessible docket from November 2000 contains an unredacted Social Security number, and that exposure persisted through an expungement and after notice, it is no longer reasonable to assume the issue is isolated. It becomes reasonable to suspect that similar exposures may exist in other legacy cases unless and until a comprehensive system-wide review has been conducted and disclosed.
The most significant implication is not how many instances may exist. It is that the discovery came from outside the institution. The exposure was not identified by an internal audit, a compliance review, or a technical safeguard. It was identified by a civilian doing nothing more than accessing public records as designed. That fact suggests a system that is reactive rather than preventive, and accountability that currently depends on the public noticing what the institution did not catch.
Implications of This Disclosure
Expungement may not mean erasure in practice. Many people reasonably believe that when a case is expunged, sensitive information tied to that case is removed from public view. This incident raises serious questions about whether expungement in Lorain County actually reaches legacy docket content or whether it merely changes a case status while leaving historical entries untouched.
Legacy systems can create present-day harm. The exposure appears tied to data practices from an earlier era when Social Security numbers were routinely entered into internal court systems. That history may explain the mechanism, but it does not excuse ongoing public exposure. When older records are made accessible through modern online portals, the obligation to review and redact protected information is a present-day responsibility.
Discovery by a civilian signals a control failure. The fact that this disclosure was discovered by a member of the public rather than through an internal audit or automated safeguard suggests a gap in oversight. Institutions that manage sensitive data are expected to identify and correct high-risk exposures proactively, not rely on outsiders to stumble across them.
Continued availability after notice changes the analysis. Once a public office has actual notice that protected personal information is being disclosed, urgency becomes part of accountability. Each additional hour of public availability increases the risk of harm and expands institutional exposure.
Trust depends on transparency after discovery. Mistakes can happen. Public trust is preserved or lost based on what an institution does after a failure is identified. Transparency about what went wrong, how many records were affected, and what corrective steps are being taken is the only path back to confidence.
What Has Not Yet Been Answered
How many cases are affected. It is unknown how many other public dockets may contain unredacted Social Security numbers or other protected identifiers. Without a system-wide review, the public cannot know whether this exposure was isolated or widespread.
How long the information was publicly accessible. There has been no disclosure regarding how long the sensitive identifier in this case was visible online. Duration matters because risk compounds over time.
Whether affected individuals have been notified. It is unclear whether the individual whose Social Security number was exposed has been notified. Notification is a basic component of responsible data handling when protected identifiers are involved.
Why expungement did not remove the identifier. The case reflects an expungement event in 2019, yet the sensitive identifier remained publicly visible afterward. No explanation has been provided for why expungement did not address legacy docket content or whether this is a known limitation of the system.
What safeguards exist to prevent recurrence. There has been no public explanation of what technical or procedural safeguards are in place to prevent similar disclosures in other cases, especially older ones.
How privacy breach reports are triaged and handled. The fact that the information remained online after notice raises questions about response protocols. It is not clear who receives such reports, how they are escalated, or what timeframe is considered acceptable for corrective action.
Whether a broader audit will be conducted. No public commitment has been made to conduct a comprehensive review of legacy dockets to identify and remediate similar exposures.
Closing Statement
Taken together, the facts documented here point to more than a historical oversight. They point to a failure of urgency, accountability, and basic risk management by a public institution entrusted with some of the most sensitive personal information residents are ever required to provide.
A Social Security number was publicly accessible on a Lorain County Court docket. It was discovered not by the court, not by an audit, not by an automated safeguard, but by a civilian reviewing public records online. The court was notified. Yet hours later, at 9:45 PM yesterday, the information remained publicly accessible.
Once a public office has actual notice that protected personal information is being disclosed through its systems, the obligation to act is immediate. This is not the kind of issue that can be deferred or treated as routine. Exposure of a Social Security number is a high-risk event. It demands an all-hands response precisely because delay increases harm and expands liability.
The potential ramifications are not hypothetical. They include civil litigation, statutory claims, and demands for injunctive relief. They also include the harder cost of eroded public trust. Courts depend on public confidence that sensitive information provided under compulsion of law will be safeguarded.
The broader concern is scope. The case discussed here dates back to November 2000. The source stated there were others. Absent a disclosed, system-wide audit of legacy dockets, there is no basis to assume this was isolated. If you had a case in Lorain County during the late 1990s or early 2000s, it is prudent to review your file and confirm what information is publicly visible today.
For individuals concerned that their Social Security number may have been exposed, options do exist. The Social Security Administration allows individuals to request a new Social Security number in limited circumstances, including situations involving documented misuse or ongoing risk of identity theft. This is not a step to be taken lightly, and it requires consultation and documentation, but for some, particularly where exposure may have persisted for many years, it may be a prudent safety measure.
People did not volunteer Social Security numbers to courts as a matter of convenience. They were required to provide them as a condition of participation in the justice system. That requirement created a corresponding duty to protect those identifiers indefinitely. The exposure documented here cannot be undone. What remains to be seen is whether it will be fully acknowledged, transparently addressed, and prevented from happening again.
Notice to Readers: Protecting Your Social Security Information
If you had a case in Lorain County Court during the late 1990s or early 2000s, particularly in criminal court, you may wish to review your case file through the Clerk of Court’s public docket system to confirm what information is currently visible.
If you believe your Social Security number may have been publicly disclosed, the Social Security Administration provides guidance and resources to help individuals protect themselves from identity theft and assess next steps. The SSA explains when and how a person may request a new Social Security number in limited circumstances, including situations involving ongoing risk or documented misuse. This is not a routine process and requires specific justification, but information is available directly from the SSA.
Official SSA resources:
Social Security Number and Identity Theft: https://www.ssa.gov/identitytheft
Requesting a New Social Security Number: https://www.ssa.gov/personal-record/change-name
Individuals may also consider placing a fraud alert or credit freeze with the major credit reporting agencies as an additional precaution. Guidance on these steps is available through the Federal Trade Commission at https://www.identitytheft.gov.
This notice is provided for informational purposes only. It is not legal advice. Readers with specific concerns should consult the Social Security Administration directly or seek advice from a qualified professional.
Editorial and Legal Disclosures
Ethical Reporting Notice. This article documents the public exposure of sensitive personal information through a government-operated system. No Social Security numbers or other protected personal identifiers are reproduced, quoted, or republished in this reporting. That decision is deliberate and grounded in ethical journalism standards. The issue addressed here is the existence and persistence of the exposure, not the contents of the identifier itself.
Source Disclosure. Screenshots referenced in this article were provided by an anonymous source who accessed publicly available court records through the Lorain County Clerk of Court’s online docket system. The source requested anonymity due to privacy and safety concerns. The screenshots associated with the specific case discussed herein have been independently reviewed and verified for authenticity.
Verification and Scope Disclaimer. This reporting confirms the existence of the exposure in the case identified and documents the continued public availability of the information after notice was given to the court. Statements regarding the possible existence of additional instances are attributed to the source and are presented as observations, not as a definitive accounting of scope. No claim is made as to the total number of affected cases absent an official audit or disclosure.
Legal Context Disclaimer. This article is informational and journalistic in nature. It does not constitute legal advice and should not be relied upon as such. Readers with specific legal questions or concerns should consult a qualified attorney or appropriate government agency.
Public Records Context. All observations described herein were made using publicly accessible court records available through official government systems. No unauthorized access, scraping, or circumvention of safeguards was used in the discovery or verification of the information discussed.
Institutional Response Disclaimer. As of publication, no formal public explanation has been issued addressing the scope of the exposure, the duration of availability, or the corrective actions taken beyond acknowledgment of notice. This article will be updated if additional verified information becomes available.
AI Image Disclosure. Some illustrative images used in connection with this article or its promotion may include AI-generated or AI-assisted imagery. Such images are used solely for illustrative purposes and do not depict real individuals, actual events, or specific court personnel unless explicitly stated.
Copyright and Republishing Notice. © 2026 Knapp Unplugged Media LLC. All rights reserved. This article may not be republished, reproduced, or redistributed in whole or in part without attribution and written permission, except for brief quotations used with proper citation.
About The Author
