When court officials were first alerted to the breach, they believed all of the information accessed was public record, and didn’t think confidential information was taken, but following an investigation by the Multi-State Information Sharing and Analysis Center, the broader breach was confirmed in April, said courts spokeswoman Wendy Ferrell.
Court officials said a law enforcement agency also investigated the case but they declined to say which one. They said the investigation was concluded and there was no information on who might be to blame.
Keeling said he didn’t believe the courts were a specific target.
“The hackers were probably opportunistic,” he said. “They were more than likely just fishing for data.”
Ferrell said that once the breach was confirmed, it took additional time to go through the files and increase security to the website, which is why there was a lag in notifying the public. The 94 known names breached are being contacted by letter, she said. The rest of the people who are potentially affected come from a defined group:
— Those booked into a city or county jail within the state of Washington between September 2011 and December 2012 may have had their name and Social Security number accessed.
— Names and driver’s license numbers may have been obtained from people who received a DUI citation in Washington state between 1989 through 2011, had a traffic case in Washington filed or resolved in a district or municipal court between 2011 and 2012, or had a superior court criminal case in Washington state that was filed against them or resolved between 2011 and 2012.
Keeling acknowledged that confidential information should have been kept in a different area, “and now they are.”
“I can say nothing more than it was an oversight on our part,” he said.
Keeling said officials have added a number of additional security measures, including isolating anything that could be sensitive into more protected areas, implementing code to prevent hackers from getting to other parts of a server, and new encryption rules.
Ferrell said no one from the Administrative Office of the Courts or any court in Washington state will be asking for personal information over the phone or via email related to the breach.
State officials have set up a website and hotline to answer public questions about the break: http://www.courts.wa.gov/databreach and 1-800-448-5584.
Michael Cockrill, the state’s chief information officer, said security experts have determined there were no breaches at state agencies, which are on a separate network.
“Cybersecurity and cyberterrorism attacks continue to rise in number and sophistication every year, affecting the private and public sector, and countless individuals,” Cockrill said in a written statement. “The AOC data breach is a sobering reminder for every branch and every level of government that protection of personal and confidential data entrusted to government is a paramount responsibility.”
Cockrill said Gov. Jay Inslee has directed his office and Consolidated Technology Services in the executive branch to assist the Office of the Courts to enhance the security of its judicial data.
Washington state Court Administrator Callie Dietz said that if any of the 94 people who are contacted by the court request credit monitoring, “we certainly will provide whatever we can do for them.”
YOU MAY ALSO BE INTERESTED IN READING:
(© Copyright 2013 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)