Data breach at Washington State courts exposes info on 1 million people

The breach itself may have been even older – officials said that they’re not sure when the compromise happened. Washington State Administrative Office of the Courts warned that anyone who had been booked into a city or county jail between September 2011 and December 2012 could be at risk.

The good news is that hackers had no access to financial information, but identity theft is another matter. In addition to the SSNs that are known to have been stolen, the group of those whose driver’s license numbers and names were exposed is much larger:

  • If you received a DUI citation in Washington State between 1989 and 2011; or
  • If you had a traffic case in Washington State filed or resolved in a district or municipal court between 2011 and 2012; or
  • If you had a superior court criminal case in Washington State filed against you or resolved between 2011 and 2012

“Once the breach was discovered, [we] took immediate action to further secure the environment and begin investigation and analysis into the depth and severity of the breach,” the Washington State AOC said in a statement. “In addition, AOC collaborated with the Washington State Consolidated Technology Services (CTS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) for internet security, who provided valuable information in determining the scope of this security breach.”

The MS-ISAC is a focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal governments. Its security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.

“AOC has implemented significant security enhancements to ensure that our systems and data are secure and to prevent the potential for future compromise,” the court system added.

Meanwhile, Adobe is planning to issue a ColdFusion patch next week, but that may not address the vulnerability that the hackers used in this case. The patch will fix a vulnerability that affects several versions of ColdFusion running on Windows, Unix and Mac OS X, which a remote attacker can use to retrieve files stored on affected servers.

“There are reports that an exploit for this vulnerability is publicly available. ColdFusion customers who have restricted public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories (as outlined in the ColdFusion 9 Lockdown Guide and ColdFusion 10 Lockdown Guide) are already mitigated against this issue,” Adobe said in its advisory.
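One way an administrator could check from web server access logs whether the directories named in the advisory are still being served to outside clients. This is an added example, not code from Adobe or the article; the trusted network ranges, the log format (Common/Combined Log Format) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Directories the Adobe advisory says should not be publicly reachable.
RESTRICTED = ("/cfide/administrator", "/cfide/adminapi", "/cfide/gettingstarted")
# Assumption: administration is only expected from these networks.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
# Common/Combined Log Format: client address, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Canonicalize a request path: drop query, decode, collapse, lower-case."""
    path = unquote(target.split("?", 1)[0]).replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_restricted(target):
    path = normalize(target)
    return any(path == d or path.startswith(d + "/") for d in RESTRICTED)

def exposed_hits(lines):
    """Return (client, path, status) for untrusted requests that were served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # logged hostname rather than an address: not evaluated
        if any(addr in net for net in TRUSTED_NETS):
            continue
        # 401/403/404 indicate the restriction is in effect for this request.
        if is_restricted(target) and status not in ("401", "403", "404"):
            hits.append((client, normalize(target), int(status)))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [09/May/2013:10:00:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.23 - - [09/May/2013:10:00:02 +0000] "GET /cfide//AdminAPI/%65xample.cfc?x=1 HTTP/1.1" 200 310',
    '10.1.2.3 - - [09/May/2013:10:00:03 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/May/2013:10:00:04 +0000] "GET /CFIDE/gettingstarted/ HTTP/1.1" 403 199',
    '203.0.113.9 - - [09/May/2013:10:00:05 +0000] "GET /CFIDE/scripts/cfform.js HTTP/1.1" 200 880',
]
```

Any tuple returned by `exposed_hits` means a restricted directory answered a client outside the trusted ranges, so the access restriction described in the advisory is not in effect for that path.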
