Skip to main content
Advertising

Originally published May 9, 2013 at 8:08 PM | Page modified May 9, 2013 at 10:01 PM

  • Share:
           
  • Comments (14)
  • Print

State courts office hacked

The Washington state Administrative Office of the Courts was hacked in the past few months and up to 160,000 Social Security numbers and 1 million driver's license numbers may have been accessed during the data breach of its public website.

The Associated Press

Questions about the breach

State officials have set up a website and hotline to answer public questions about the break: http://www.courts.wa.gov/databreach and 1-800-448-5584.

Most Popular Comments
Hide / Show comments
scrumdog I'm not defending who ever's (supposed to be) in charge of security for the... MORE
Well, it is Adobe... A once great software company that's been reduced to a single cash... MORE
"The breach happened due to vulnerability in an Adobe Systems software program... MORE

advertising

OLYMPIA — The Washington state Administrative Office of the Courts was hacked sometime between last fall and February, and up to 160,000 Social Security numbers and 1 million driver’s license numbers may have been accessed during the data breach of its public website, officials said Thursday.

Court officials said they have only confirmed that 94 Social Security numbers were obtained and they don’t believe the larger number was compromised, but they wanted to alert the public to the possibility as a precaution.

The broader information “just happened to be on a server in an area that was accessed,’’ said Veronica Diseth, director of the courts’ information-services division.

The breach happened due to vulnerability in an Adobe Systems software program, ColdFusion, that has since been patched, court officials said. The hack happened sometime after September but wasn’t caught until February, they said.

Telephone and email messages were left for Adobe representatives seeking comment.

Mike Keeling, the Washington courts’ information-technology operations and maintenance manager, said officials were alerted to the breach by a business on the East Coast that had a similar intrusion.

“They recognized our information in their breach log,’’ Keeling said, which led them to install the patch provided by Adobe and start an investigation.

When court officials were first alerted to the breach, they believed all of the information accessed was public record, and didn’t think confidential information was taken, but after an investigation by the Multi-State Information Sharing and Analysis Center, the broader breach was confirmed last month, said courts spokeswoman Wendy Ferrell. Court officials said a law-enforcement agency also investigated the case but they declined to say which one. They said the investigation was concluded and there was no information on who might be to blame.

Keeling said he didn’t think the courts were a specific target.

“The hackers were probably opportunistic,’’ he said. “They were more than likely just fishing for data.’’

Ferrell said that once the breach was confirmed, it took additional time to go through the files and increase security to the website, which is why there was a lag in notifying the public. The 94 known names breached are being contacted by letter, she said. The rest of the people who are potentially affected come from a defined group:

• Those booked into a city or county jail within the state of Washington between September 2011 and December 2012 may have had their name and Social Security number accessed.

• Names and driver’s license numbers may have been obtained from people who received a DUI citation in Washington state between 1989 through 2011, had a traffic case in Washington filed or resolved in a district or municipal court between 2011 and 2012, or had a Superior Court criminal case in Washington state that was filed against them or resolved between 2011 and 2012.

Keeling acknowledged that confidential information should have been kept in a different area.

“I can say nothing more than it was an oversight on our part,’’ he said.

Keeling said officials have added a number of additional security measures, including isolating anything that could be sensitive into more protected areas, implementing code to prevent hackers from getting to other parts of a server, and new encryption rules.

Ferrell said no one from the Administrative Office of the Courts or any court in Washington state will be asking for personal information over the phone or via email related to the breach.

State officials have set up a website and hotline to answer public questions about the break: http://www.courts.wa.gov/databreach and 1-800-448-5584.

Michael Cockrill, the state’s chief information officer, said security experts have determined there were no breaches at state agencies, which are on a separate network.

Cockrill said Gov. Jay Inslee has directed his office and Consolidated Technology Services in the executive branch to assist the Office of the Courts to enhance the security of its judicial data.

Washington state Court Administrator Callie Dietz said that if any of the 94 people who are contacted by the court request credit monitoring, “we certainly will provide whatever we can do for them.’’

News where, when and how you want it

Email Icon

Hurry! Last two weeks to save 15%.

Hurry! Last two weeks to save 15%.

Reserve your copy of "The Seattle Sketcher," the long-awaited book by staff artist Gabriel Campanario, for the special price of just $29.95.

Advertising

Partner Video

Advertising

The Seattle Times photographs

Seattle space needle and mountains

Purchase The Seattle Times images

Career Center Blog

Career Center Blog

How to tame an unruly resume


Advertising
The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►