On Thursday, May 9, the Washington State Administrative Office of the Courts (AOC) announced that a security breach occurred on its public website -- a discovery that was made in late February and early March.
The AOC states on its website that no court records were altered and no personal financial information, such as bank account numbers or credit card numbers, is maintained on the site -- but up to 160,000 Social Security numbers and 1 million driver's license numbers may have been compromised.
“We regret that this breach has occurred," Washington State Court Administrator Callie T. Dietz told the Mercer Island Reporter, "and we have taken immediate action to enhance the security of these sites.”
The AOC also began an investigation to analyze the impacts and "undertake significant security enhancements to prevent further compromise," according to its website.
Those potentially affected by the breach include individuals who were booked into a city or county jail in the state between September 2011 and December 2012; received a DUI citation between 1989 and 2011; had a traffic case filed or resolved in a district or municipal court in 2011 or 2012; or had a superior court criminal case filed against them or resolved in 2011 or 2012.
After discovering the breach, the AOC worked with the Washington State Consolidated Technology Services (CTS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) for Internet security, which it says "provided valuable information in determining the scope of this security breach."
In addition, Washington Gov. Jay Inslee asked the Office of the Chief Information Officer and CTS to help the AOC enhance the security of data under judicial branch control, state CIO Michael Cockrill said in a statement.
"Cybersecurity and cyberterrorism attacks continue to rise in number and sophistication every year, affecting the private and public sector, and countless individuals," he said. "The AOC data breach is a sobering reminder for every branch and every level of government, that protection of personal and confidential data entrusted to government is a paramount responsibility."