Washington State system hacked, data of thousands at risk

SEATTLE Thu May 9, 2013 7:19pm EDT

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture. REUTERS/Kacper Pempel/Files

A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture.

Credit: Reuters/Kacper Pempel/Files

Related Topics

SEATTLE (Reuters) - The website for the Washington State court system has been hacked and up to 160,000 Social Security numbers and a million driver's license numbers may have been accessed, officials said on Thursday.

The disclosure, which follows a number of major hacking incidents in recent years that have targeted a range of companies from Twitter to Apple Inc, raises concerns that the information accessed could be used to commit financial fraud.

The breach was discovered in February, and officials at first believed no confidential information had been leaked even though a large amount of data was downloaded from the website, the Washington State Administrative Office of the Courts said.

But officials later determined that 94 Social Security numbers were definitely obtained by the person or group that committed the security breach, while 160,000 Social Security numbers and a million driver's license numbers may have been accessed.

"The access occurred through a ‘back door' part of a commercial software product we were using, and it is patched now," Mike Keeling, information technology operations and maintenance manager for the court system, told reporters on a conference call.

"We found specific (hacker) footprints in the area where those 94 Social Security numbers were located, so that's why we're reasonably sure that the data was accessed," he said.

Callie T. Dietz, the state's court administrator, said this was the first time the agency's system had been hacked. Officials were notifying by mail the 94 people whose Social Security numbers were accessed from the site.

"We regret that this breach has occurred and we have taken immediate action to enhance the security of these sites," Dietz said separately in a statement.

The people whose names and Social Security numbers might be at risk are those who were booked into a city or county jail in the state from September 2011 to December 2012, officials said.

The breach could also have exposed the driver's license numbers of people charged in the state's superior court criminal system between 2011 and 2012, the statement said.

Anyone who received a driving under the influence citation from 1989 to 2011 or had a traffic case filed or resolved in a district or municipal court between 2011 and 2012 might also be at risk, officials said.

No financial data such as credit card numbers was maintained on the court website, so officials said there was no risk of that information being accessed directly through the breach.

The breach was the latest in a series of hacks. In one prominent case, Cody Kretsinger of LulzSec, an offshoot of hacking group Anonymous, last year pleaded guilty in federal court in Los Angeles to taking part in a computer breach of Sony Pictures Entertainment that prosecutors say caused over $600,000 in damages. Last month, he was sentenced in California to a year in prison.

(Reporting by Elaine Porterfield; Writing by Alex Dobuzinskis; Editing by Cynthia Johnston, Leslie Adler and Richard Chang)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (6)
50cal wrote:
“no confidential information was leaked even though a large amount of data was downloaded from the website”

Really? Social Security Numbers and Drivers’ License Numbers by Name is not considered confidential information? The Feds need to jump in here and investigate but I doubt they will since Murray, Inslee, and Cantwell are on obama’s protected persons list.

May 09, 2013 4:24pm EDT  --  Report as abuse
Slammy wrote:
We hook computer up so this data can be accessed by anyone, anywhere, anytime and then we are surprised this happens. The internet was designed to be for the open sharing of information and computer engineers have been trying to figure out how to lock it down ever since it became popular. Still a long way to go.

May 09, 2013 5:27pm EDT  --  Report as abuse
ClaudeM wrote:
50cal, you need to get off the politics and stick to the point here; none of these politicians have anything to do with the sloppy IT management that let this happen.

May 09, 2013 6:05pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.