
genuinely interested in the last known story of someone going to prison for this type of pen testing without an established bug bounty.


This story is a pen test gone wrong, so somewhat different, but illustrates some of the same failure modes.

https://www.darkreading.com/vulnerabilities-threats/dark-rea...



Oh, this is a rabbit hole. As far as I can tell the pentesters' suit against the sheriff is still ongoing, but back in Iowa courts. The federal court's ruling is ... not good [1]:

1) The court found that the county sheriff had the pentesters arrested and encouraged their prosecution _not_ because he believed there was any crime, but instead because he was angry at some state official. (Which, y'know, sounds like a pretty serious civil rights violation.)

2) However, the civil rights / 4th amendment claims were dismissed by the federal court due to "qualified immunity", the doctrine where, in any sufficiently "unique" or "specific" situation, the police have no liability whatsoever for their actions [2].

[1] https://storage.courtlistener.com/recap/gov.uscourts.iasd.84...

[2] https://en.wikipedia.org/wiki/Qualified_immunity


Thanks for finding the court docs!

Darknet Diaries has an episode on this (#59), with interviews from the parties involved.

https://www.youtube.com/watch?v=Y0AbHKcIQxk

https://darknetdiaries.com/episode/59/


Not prison, but in Germany someone was fined last year because he reported a plaintext password inside an EXE: https://www.heise.de/en/news/Modern-Solution-Court-of-Appeal... The company in question is the Modern Solution GmbH & Co. KG.




