Redaction seems simple: cover the sensitive parts with a black box and share the document. But that assumption has caused some of the most embarrassing — and costly — information leaks in recent legal, government, and corporate history. Redaction failures are not rare edge cases. They are a recurring, well-documented problem.
These failures almost always share the same root cause: someone placed a visual overlay on top of sensitive text without permanently removing the underlying data from the file. The result looks redacted to the naked eye, but the information remains fully accessible to anyone who knows where to look — or simply tries to copy and paste.
Below are seven real-world redaction failures examples that illustrate exactly how this happens, what went wrong technically, and what the consequences were. If you handle sensitive documents, these cases are required reading.
What happened: Beginning in late 2024 and continuing into 2025, hundreds of court documents related to Jeffrey Epstein were unsealed and released to the public. Researchers and journalists quickly discovered that many of the "redacted" portions could be read simply by selecting the text with a cursor or copying it into a text editor. Names, addresses, and other identifying details that were supposed to be hidden were still embedded in the PDF files — they were just covered by black rectangles drawn on top of the text layer.
What went wrong technically: The documents used annotation-based overlays rather than true PDF redaction. The original text remained in the file's data structure. A PDF viewer displays the black box on top, but the text underneath is still selectable, searchable, and copyable. Anyone with a PDF reader could extract it in seconds.
What it cost: The failure drew international headlines and deeply embarrassed the legal teams and courts responsible for the documents. It also caused real harm to individuals whose names were exposed despite court orders protecting their privacy. The incident became a widely cited example of institutional incompetence around document security.
We have covered this case in depth in our article: The Epstein Documents Redaction Failure: A Case Study in Why Proper PDF Security Matters.
What happened: In 2014, The Intercept published a leaked NSA document describing Russian interference in the 2016 U.S. election. The document had been provided by Reality Winner, a government contractor. The NSA document itself was not the problem — but the way it was handled during publication was. The Intercept printed the document and scanned it back as an image to obscure its origin. However, the document contained faint machine-print dots — a steganographic watermark used by government printers — that allowed investigators to identify the specific printer and, through that, the individual who printed it. Winner was arrested days after publication.
What went wrong technically: This case illustrates a different kind of redaction failure: metadata and hidden data embedded in the physical document format itself. The publisher assumed that scanning and re-imaging the document would strip all identifying information. It did not. Machine identification codes (MICs), also called printer steganography or yellow dots, are invisible to the naked eye but readable under blue light or with image processing software. No standard redaction process removes them.
What it cost: Reality Winner was sentenced to five years and three months in federal prison — the longest sentence ever handed down for leaking classified information to a journalist at that time. The failure to understand how the document format itself carried identifying data had catastrophic personal consequences.
What happened: During the high-profile patent litigation between Apple and Samsung, Samsung filed court exhibits containing financial data that had been redacted. Specifically, the filing was meant to conceal the royalty rates Samsung paid to Nokia, Ericsson, Qualcomm, and other companies under patent licensing agreements. The redactions failed. The royalty figures — representing some of the most commercially sensitive data in the smartphone industry — were readable underneath the visual overlays.
What went wrong technically: The same mechanism as the Epstein documents: black boxes drawn over a PDF's text layer without removing the underlying content. The text remained in the file structure and could be extracted by selecting it. Because this was a court filing available to the public, the information became widely accessible before the error was caught.
What it cost: The exposed royalty rates gave competitors and the public a detailed map of Samsung's licensing cost structure — information worth tens of millions of dollars in negotiating leverage. Samsung was forced to refile the documents and suffered significant embarrassment. The incident also reinforced how dangerous sloppy document handling is in high-stakes litigation.
What happened: A partially declassified Office of Legal Counsel (OLC) memo — related to the legal justifications for targeted killing of U.S. citizens overseas — was released with certain portions redacted. Researchers examining the PDF metadata discovered that the document properties, revision history, and other embedded metadata contained traces of the redacted content, effectively making portions of the "hidden" text recoverable through forensic examination of the file itself.
What went wrong technically: PDF documents carry metadata that is separate from the visible content layer: document properties such as author, title, subject, keywords, creation tool, revision notes, and in some cases tracked changes or comments. When a document is redacted visually but the metadata is not scrubbed, sensitive information can persist in these hidden fields. This is a particularly insidious form of redaction failure because it does not require any special knowledge of PDF rendering — it just requires looking at the file properties.
What it cost: The specific metadata exposure provided researchers and journalists additional details about the scope and authorship of the legal memos underlying U.S. drone strike policy — classified material the government had fought to keep secret. The incident is frequently cited in legal and information security circles as a reminder that true document sanitization requires metadata scrubbing, not just visual redaction.
What happened: This is arguably the most dramatic courtroom redaction failure in recent U.S. legal history. In January 2019, attorneys for Paul Manafort filed a court document responding to Special Counsel Robert Mueller's allegation that Manafort had lied to investigators. The filing contained sections that appeared to be redacted with black boxes. Within hours of the filing becoming public, journalists and online researchers discovered that the text under the black boxes could be copy-pasted directly into a text editor. The hidden content revealed that Manafort had shared polling data with Konstantin Kilimnik — a Ukrainian political consultant assessed by the U.S. Senate Intelligence Committee as a Russian intelligence officer — during the 2016 presidential campaign.
What went wrong technically: The defense team used a word processor or PDF editor to draw black rectangles over the sensitive text, then converted the document to PDF without applying true content removal. The text layer was fully intact. This is a textbook example of annotation-overlay redaction failure, and it happened at the highest levels of federal litigation.
What it cost: The exposure became international news overnight. It provided the clearest public evidence to date of contact between the Trump campaign and Russian intelligence-linked figures. It was a catastrophic unforced error for the defense team and contributed to the broader public understanding of the Mueller investigation's findings.
What happened: In December 2009, the Transportation Security Administration accidentally published its Standard Operating Procedures manual online. The 93-page document described security screening protocols, including which types of individuals receive expedited screening, what items are exempt from standard checks, and specific details about how screeners handle law enforcement officers, diplomats, and foreign nationals. Portions of the manual were "redacted" with black overlays. Those overlays were not true redactions. The text underneath was fully extractable.
What went wrong technically: The same PDF overlay problem. The TSA had presumably intended to release a public version of the document with certain operational details removed. Instead, they released a version where those details were visually obscured but structurally intact. Security researchers extracted the hidden text within hours of the document appearing online.
What it cost: The document was taken down quickly, but not before it had been downloaded, mirrored, and widely distributed. Security experts noted that the exposure provided a detailed roadmap for evading TSA screening protocols. The incident triggered a Congressional inquiry into TSA document handling and became a fixture in information security training materials as an example of how not to handle sensitive operational documents.
What happened: Consider a scenario that plays out in corporate legal and procurement departments regularly: a company is negotiating a vendor agreement and needs to share a draft contract with a third party. The internal draft contains pricing tiers, penalty clauses, and margin data that the company does not want the vendor to see at this stage. A paralegal opens the PDF in Preview on a Mac, draws black boxes over the sensitive sections, and emails it to the vendor's legal team.
The vendor's attorney opens the document, selects the text underneath one of the black boxes out of curiosity, and pastes it into a notes document. The pricing structure is fully visible. The negotiation dynamics shift immediately.
What went wrong technically: This is the same mechanism as every other case in this list. Annotation overlays do not remove content. They are visual elements layered on top of the text, not replacements for it. Any PDF viewer that supports text selection will allow a user to select and copy text that lies beneath a drawn shape, because the shape and the text exist on separate layers of the document structure.
What it cost: In this scenario, the company loses its negotiating advantage, potentially costing it significant contract value. In real-world cases of this type, the consequences range from awkward renegotiations to litigation over misrepresentation, depending on the nature of the exposed information and the jurisdiction.
Across all seven cases, two distinct failure modes emerge:
Type 1: Visual overlay without content removal. This is the most common failure. A shape — usually a black rectangle — is drawn on top of sensitive text in a PDF editor. The shape is visible, the text beneath it is not. But the text remains in the file's data structure and can be extracted by anyone who selects it. Cases 1, 3, 5, 6, and 7 all fall into this category. This failure is entirely preventable with proper redaction tools that permanently delete the underlying content before saving the file.
Type 2: Hidden data in metadata, formatting, or the physical document format. This is the less understood but equally dangerous failure. Even when visible content is properly removed, PDFs and other documents carry embedded metadata — author names, revision histories, document properties, comments, tracked changes — that can expose sensitive information independently of the visible text. Case 4 demonstrates metadata exposure. Case 2 demonstrates steganographic data embedded in the physical print format itself. Preventing this type of failure requires comprehensive document sanitization: stripping metadata, removing revision history, and in some cases converting the document to an image-only format to eliminate all structured data.
Understanding which type of failure you are most at risk for depends on how you create, handle, and share documents. For most organizations, Type 1 failures are the primary risk — and they are entirely avoidable.
The pattern across these cases is consistent enough to yield clear, actionable guidance.
Never use drawing tools for redaction. Black rectangles, highlight shapes, and annotation tools in PDF viewers are not redaction tools. They create a visual layer over content without removing it. If your PDF editor does not have a dedicated "Apply Redactions" or "Burn Redactions" function that permanently deletes the underlying content, it is not adequate for sensitive document handling. See our guide on how to redact a PDF on Mac without Adobe for a breakdown of which tools actually work.
Verify your redactions before sharing. After applying redactions, try to select the text in the redacted areas. Use Cmd+F on Mac or Ctrl+F on Windows to search for the sensitive terms. If you can find or select anything, the redaction did not work. This test takes thirty seconds and would have prevented every Type 1 failure on this list.
Scrub document metadata. Before sharing any document, review and remove metadata: author names, company names, document revision history, comments, and tracked changes. Most professional PDF tools include a "Sanitize Document" or "Remove Hidden Information" function for exactly this purpose.
Understand your redaction method's limitations. Not all redaction approaches are equal. Blurring, pixelation, and black-box overlays each have different security properties and different failure modes. Our article on blur vs. pixelate vs. black out: which redaction method protects your data covers the technical differences in detail.
Use purpose-built redaction software. The single most reliable way to avoid the failures documented in this article is to use software that is specifically designed to remove content permanently — not paint over it. On macOS, BlurData handles this automatically: it applies native PDF redaction that deletes the underlying content from the file structure, scrubs metadata, and provides visual confirmation of every redacted area. Your documents never leave your Mac, so there is no cloud exposure risk.
The cases above range from national security incidents to routine contract negotiations. What they share is that the consequences were entirely preventable. A source went to prison. A company's proprietary financials became public. A defense attorney handed prosecutors a gift. A federal agency exposed its own security playbook.
In each case, the person who applied the redaction believed they had done it correctly. The black boxes looked right. The document looked secure. It was not.
Proper redaction is not complicated once you understand the mechanism. The text must be removed from the file, not covered. Metadata must be stripped. And the result must be verified before sharing. BlurData makes this the default behavior on macOS — automatic detection of sensitive content, permanent removal, and one-click operation that requires no technical expertise.
The seven cases in this article are the ones that made headlines. For every public failure, there are thousands of quiet ones: contracts shared with the wrong parties, personnel records with visible names, court filings with extractable testimony. The mechanism is always the same. So is the fix.
Download BlurData and redact documents the way that actually works. Available exclusively at blurdata.app.