Washington Court Data Breach Exposes 160K SSNs

ID THREATPOST:0D97C8129145C53D1311275E079D8E5F
Type threatpost
Reporter Dennis Fisher
Modified 2013-07-02T18:20:31


Attackers using a vulnerability in Adobe’s ColdFusion app server were able to compromise servers belonging to the Washington State court system sometime in the last few months and walked off with data belonging to as many as a million residents of the state. The attackers had access to 160,000 Social Security numbers and the driver’s license numbers and names of a million people.

Officials say they’re uncertain exactly when the breach occurred, although they believe it to have been sometime after September. The breach of the court system’s Web site occurred in two separate incidents, which were discovered in February and March of this year.

“Once the breach was discovered, AOC took immediate action to further secure the environment and begin investigation and analysis into the depth and severity of the breach. In addition, AOC collaborated with the Washington State Consolidated Technology Services (CTS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) for internet security, who provided valuable information in determining the scope of this security breach. MS-ISAC is a focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local, territorial and tribal governments. The MS-ISAC 24×7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response. AOC has implemented significant security enhancements to ensure that our systems and data are secure and to prevent the potential for future compromise,” the court system said in a statement on its site.

The attackers had no access to financial information, but were able to access 160,000 SSNs. The court warned that anyone who had been booked into a city or county jail between September 2011 and December 2012 is at risk for having their SSN affected by the breach. The potential pool of people whose driver’s license numbers and names were accessed is much larger:

  • If you received a DUI citation in Washington State between 1989 through 2011; or
  • If you had a traffic case in Washington State filed or resolved in a district or municipal court between 2011 through 2012; or
  • If you had a superior court criminal case in Washington State filed against you or resolved between 2011 through 2012

Adobe is planning to patch a vulnerability on ColdFusion next week, but it’s not clear whether that is the same flaw that the attackers in this operation exploited.