State’s Office of the Courts public website hacked

OLYMPIA, Wash. — The Washington state Administrative Office of the Courts was hacked sometime between last fall and February, and up to 160,000 Social Security numbers and 1 million driver’s license numbers may have been accessed during the data breach of its public website, officials said Thursday.

Court officials said they have only confirmed that 94 Social Security numbers were obtained and they don’t believe the larger number was compromised, but they wanted to alert the public to the possibility as a precaution.

The broader information “just happened to be on a server in an area that was accessed,” said Veronica Diseth, director of the courts’ information services division.

The breach happened due to vulnerability in an Adobe Systems Inc. software program, ColdFusion, that has since been patched, court officials said. The hack happened sometime after September but wasn’t caught until February, they said.

Telephone and email messages were left for Adobe representatives seeking comment.

Mike Keeling, the courts’ information technology operations and maintenance manager, said officials were alerted to the breach by a business on the East Coast that had a similar intrusion.

“They recognized our information in their breach log,” Keeling said, which led them to install the patch provided by Adobe and start an investigation.

When court officials were first alerted to the breach, they believed all of the information accessed was public record, and didn’t think confidential information was taken, but following an investigation by the Multi-State Information Sharing and Analysis Center, the broader breach was confirmed in April, said courts spokeswoman Wendy Ferrell.

Court officials said a law enforcement agency also investigated the case but they declined to say which one. They said the investigation was concluded and there was no information on who might be to blame.

Keeling said he didn’t believe the courts were a specific target.

“The hackers were probably opportunistic,” he said. “They were more than likely just fishing for data.”

Ferrell said that once the breach was confirmed, it took additional time to go through the files and increase security to the website, which is why there was a lag in notifying the public. The 94 known names breached are being contacted by letter, she said. The rest of the people who are potentially affected come from a defined group:

•Those booked into a city or county jail within the state of Washington between September 2011 and December 2012 may have had their name and Social Security number accessed.

Names and driver’s license numbers may have been obtained from people who received a DUI citation in Washington state between 1989 through 2011, had a traffic case in Washington filed or resolved in a district or municipal court between 2011 and 2012, or had a superior court criminal case in Washington state that was filed against them or resolved between 2011 and 2012.

Keeling acknowledged that confidential information should have been kept in a different area, “and now they are.”

“I can say nothing more than it was an oversight on our part,” he said.

Keeling said officials have added a number of additional security measures, including isolating anything that could be sensitive into more protected areas, implementing code to prevent hackers from getting to other parts of a server, and new encryption rules.

Ferrell said no one from the Administrative Office of the Courts or any court in Washington state will be asking for personal information over the phone or via email related to the breach.

State officials have set up a website and hotline to answer public questions about the break: http://www.courts.wa.gov/databreach and 1-800-448-5584.

Michael Cockrill, the state’s chief information officer, said security experts have determined there were no breaches at state agencies, which are on a separate network.

“Cybersecurity and cyberterrorism attacks continue to rise in number and sophistication every year, affecting the private and public sector, and countless individuals,” Cockrill said in a written statement. “The AOC data breach is a sobering reminder for every branch and every level of government that protection of personal and confidential data entrusted to government is a paramount responsibility.”

Cockrill said Gov. Jay Inslee has directed his office and Consolidated Technology Services in the executive branch to assist the Office of the Courts to enhance the security of its judicial data.

Washington state Court Administrator Callie Dietz said that if any of the 94 people who are contacted by the court request credit monitoring, “we certainly will provide whatever we can do for them.”

More in Local News

Longboarders from near and far hit the trail in Arlington

The Centennial Sk8 Festival was serious competition for some and just for fun for others.

Signs show the rates for using the express toll lanes for traffic headed southbound on Interstate 405, Tuesday, Feb. 16, 2016, in Bothell, Wash. Gov. Jay Inslee announced plans Tuesday to try to decrease congestion on I-405 in answer to commuter complaints that the new express lane tolling system is making traffic worse. The governor said he would not be shutting down the tolling system as some people have called for. But the state transportation department is making plans to add new northbound general purpose lanes to ease some of the congestion and also plan to make it easier to move into and out of the express lanes. (AP Photo/Elaine Thompson)
After a 2-year trial, are I-405’s toll lanes here to stay?

Lawmakers will decide whether to keep them or end the experiment and try something else.

Weary drivers using toll lanes say they have little choice

Congestion continues to be a tedious reality for commuters on I-405, which is as clogged as ever.

Council passes six-month moratorium on safe injection sites

Proposal by County Councilman Nate Nehring passed unanimously.

Terrace woman held following collision in Everett

The three occupants in vehicle were transported to a local hospital in serious condition.

Information sought on drive-by shooting in Everett

Debris from an apparent crash, evidence of gunfire found in the 2800 block of California Street.

Crews recover body of man who fell over Wallace Falls

The area where the man fell is called Sky Valley Lookout, 2.4 miles from the parking lot.

Herald photos of the week

A weekly collection of The Herald’s best images by staff photographers and… Continue reading

This week’s Herald Super Kid is Nathan Nicholson of Snohomish High School. (Dan Bates / The Herald)
‘The future is biotech,’ but for now he’s busy with everything

Snohomish senior Nathan Nicholson is a student leader and media master.

Most Read