Hackers used a flaw in Adobe’s ColdFusion software to violate the Washington State Courts Administrative Office.
Hackers may have accessed 160,000 social security numbers and up to one million driver’s license numbers, according to a court statement Thursday.
The court only confirmed that 94 Social Security numbers were definitely taken, however, and believes the violation occurred between last fall and February of this year, according to the Associated Press. He also confirmed that the breach occurred due to a flaw in Adobe’s web application platform, ColdFusion.
The court published details of the violation here. However, the site is currently “out of service for scheduled maintenance”.
Anyone who was incarcerated in a city or county jail in Washington state between September 2011 and December 2012 may have had their social security number exposed. The driver’s license numbers of those charged with driving offenses in the state’s superior court criminal system between 2011 and 2012 could also have been disclosed.
The court discovered the hack in February and has since patched its Adobe software.
While Adobe Reader and Flash, along with Java, remain the primary targets for exploit kits, hackers seem to target ColdFusion with greater frequency.
Adobe released its fourth security update in 2013 this week for critical vulnerabilities in ColdFusion. This was the third patch this year following reports of new ColdFusion vulnerabilities being exploited in the wild. Adobe only released four hotfixes for ColdFusion in 2012.