Hackers breached Washington state court with Adobe ColdFusion flaw

Hackers used Adobe software to stage a data breach that left up to 160,000 Social Security numbers exposed.
Written by Liam Tung, Contributing Writer

Hackers used a flaw in Adobe's ColdFusion software to breach Washington state's Administrative Office of the Courts.

The hackers may have accessed as many as 160,000 Social Security numbers and up to one million drivers license numbers, according to a statement by the court on Thursday.

The court has only confirmed that 94 Social Security numbers were definitely taken, however, and believes the breach occurred sometime between last autumn and February this year, according to Associated Press. It also confirmed the breach happened due to a flaw in Adobe's web application platform, ColdFusion. 

The court has released details of the breach here. However, the site is currently 'down for scheduled maintenance'.

Anyone that was booked into a city or county jail in Washington state between September 2011 and December 2012 may have had their Social Security numbers exposed. The driver's license numbers of people charged with driving offenses in the state's superior court criminal system between 2011 and 2012 could also have been exposed.

The court discovered the hack in February and has since patched its Adobe software.

While Adobe's Reader and Flash, along with Java, still remain the top targets for exploit kits, hackers appear to be targeting ColdFusion with greater frequency.

Adobe this week released its fourth security update in 2013 for critical flaws in ColdFusion. It was the third patch this year which followed reports that new ColdFusion vulnerabilities were being exploited in the wild. Adobe only released four patches for ColdFusion during 2012. 

Editorial standards