US data breach exposes 160,000 social security numbers

Vulnerability in Adobe ColdFusion app server used to break into official system

A cyber attack on servers operated by the Washington state court system has exposed data belonging to around a million members of the US public, including 160,000 social security numbers.

The attackers used a vulnerability in Adobe's ColdFusion app server to get access to the data, which also included full names and drivers' licence numbers.

According to Threatpost, US officials are unsure when the breach occurred, although they believe it happened at some point since September last year. It is believed to have involved two separate incidents, which were discovered in February and March of this year.

"Once the breach was discovered, AOC [Administrative Office of the Courts] took immediate action to further secure the environment and begin investigation and analysis into the depth and severity of the breach. In addition, AOC collaborated with the Washington State Consolidated Technology Services (CTS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) for internet security, who provided valuable information in determining the scope of this security breach. MS-ISAC is a focal point for cyber threat prevention, protection, response and recovery for the nation's state, local, territorial and tribal governments. The MS-ISAC 24×7 cyber security operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response. AOC has implemented significant security enhancements to ensure that our systems and data are secure and to prevent the potential for future compromise," the court system said in a statement on its site.

Officials have warned that anyone who was booked into a city or county jail in Washington between September 2011 and December 2012 is at risk of having their social security number affected by the breach.

Adobe intends to patch a vulnerability in ColdFusion next week, but it has not clarified whether this is the same security hole as the one exploited by the attackers in this case.