SEATTLE (Reuters) - The website for the Washington State court system has been hacked and up to 160,000 Social Security numbers and a million driver’s license numbers may have been accessed, officials said on Thursday.
The disclosure, which follows a number of major hacking incidents in recent years that have targeted a range of companies from Twitter to Apple Inc, raises concerns that the information accessed could be used to commit financial fraud.
The breach was discovered in February, and officials at first believed no confidential information had been leaked even though a large amount of data was downloaded from the website, the Washington State Administrative Office of the Courts said.
But officials later determined that 94 Social Security numbers were definitely obtained by the person or group that committed the security breach, while 160,000 Social Security numbers and a million driver’s license numbers may have been accessed.
“The access occurred through a ‘back door’ part of a commercial software product we were using, and it is patched now,” Mike Keeling, information technology operations and maintenance manager for the court system, told reporters on a conference call.
“We found specific (hacker) footprints in the area where those 94 Social Security numbers were located, so that’s why we’re reasonably sure that the data was accessed,” he said.
Callie T. Dietz, the state’s court administrator, said this was the first time the agency’s system had been hacked. Officials were notifying by mail the 94 people whose Social Security numbers were accessed from the site.
“We regret that this breach has occurred and we have taken immediate action to enhance the security of these sites,” Dietz said separately in a statement.
The people whose names and Social Security numbers might be at risk are those who were booked into a city or county jail in the state from September 2011 to December 2012, officials said.
The breach could also have exposed the driver’s license numbers of people charged in the state’s superior court criminal system between 2011 and 2012, the statement said.
Anyone who received a driving under the influence citation from 1989 to 2011 or had a traffic case filed or resolved in a district or municipal court between 2011 and 2012 might also be at risk, officials said.
No financial data such as credit card numbers was maintained on the court website, so officials said there was no risk of that information being accessed directly through the breach.
The breach was the latest in a series of hacks. In one prominent case, Cody Kretsinger of LulzSec, an offshoot of hacking group Anonymous, last year pleaded guilty in federal court in Los Angeles to taking part in a computer breach of Sony Pictures Entertainment that prosecutors say caused over $600,000 in damages. Last month, he was sentenced in California to a year in prison.
Reporting by Elaine Porterfield; Writing by Alex Dobuzinskis; Editing by Cynthia Johnston, Leslie Adler and Richard Chang