Hackers breached Washington state court with Adobe ColdFusion flaw

Summary: Hackers used Adobe software to stage a data breach that left up to 160,000 Social Security numbers exposed.

Hackers used a flaw in Adobe's ColdFusion software to breach Washington state's Administrative Office of the Courts.

The hackers may have accessed as many as 160,000 Social Security numbers and up to one million driver's license numbers, according to a statement by the court on Thursday.

The court has confirmed only that 94 Social Security numbers were definitely taken, however, and believes the breach occurred sometime between last autumn and February this year, according to the Associated Press. It also confirmed that the breach happened due to a flaw in Adobe's web application platform, ColdFusion.

The court has released details of the breach here. However, the site is currently 'down for scheduled maintenance'.

Anyone who was booked into a city or county jail in Washington state between September 2011 and December 2012 may have had their Social Security number exposed. The driver's license numbers of people charged with driving offenses in the state's superior court criminal system between 2011 and 2012 could also have been exposed.

The court discovered the hack in February and has since patched its Adobe software.

While Adobe's Reader and Flash, along with Java, remain the top targets for exploit kits, hackers appear to be targeting ColdFusion with greater frequency.

Adobe this week released its fourth security update in 2013 for critical flaws in ColdFusion. It was the third patch this year to follow reports that new ColdFusion vulnerabilities were being exploited in the wild. Adobe released only four patches for ColdFusion during 2012.

Topics: Security, Government US

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Talkback

3 comments
  • Adobe, Adobe....

    Your products are so dopey.
    JustCallMeBC
  • Maybe compatible products are safer?

    Maybe Washington would be better off choosing compatible products like Railo, BlueDragon or OpenBD that are more secure and open.
    lorenzosjb
  • The answer is to protect the sensitive data

    The answer is to protect the sensitive data. How could "The hackers may have accessed as many as 160,000 Social Security numbers and up to one million drivers license numbers". Current regulations are requiring this type of data to be protected.

    More information is available at
    http://www.slideshare.net/ulfmattsson/protecting-phi-and-pii-hipaa-challenges-and-solutions-privacy-vs-cost

    Ulf Mattsson, CTO Protegrity
    ulf.mattsson@...