The state of Washington’s Administrative Office of the Courts was hacked and the personal information of over 1 million people was exposed. The data, including 160,000 social security numbers and 1 million driver’s license numbers, was accessed sometime between last fall and February. So far the actual theft of only 94 social security numbers has been confirmed. The breach is blamed on a security flaw in Adobe’s ColdFusion program, and the office was alerted to the breach by a company on the east coast that had also been hacked.
“They recognized our information in their breach log,” Mike Keeling, the courts’ IT manager, said. “The hackers were probably opportunistic. They were more than likely just fishing for data.”
Once alerted, the flaw was located and quickly patched. They were able to determine that most of the people affected belong to one of two groups:
Individuals booked into a city or county jail within the state of Washington between September 2011 and December 2012 may have had their name and Social Security number accessed.
Names and driver’s license numbers may have been obtained from people who received a DUI citation in Washington state between 1989 through 2011, had a traffic case in Washington filed or resolved in a district or municipal court between 2011 and 2012, or had a superior court criminal case in Washington state that was filed against them or resolved between 2011 and 2012.
The office admitted they were not as careful as they should have been about protecting personal data and called it an oversight which has been corrected. There’s no information on what individual or group is responsible. Those in one of the groups affected are advised to watch their credit reports closely and alert the credit bureaus to protect themselves.
A website and hotline to answer public questions about the break have been set up: www.courts.wa.gov/databreach and 1-800-448-5584.