Up to a million driver's licences may have been stolen along with 160,000 Social Security Numbers after attackers leveraged a previously patched Adobe software bug to access the Washington state Administrative Office of the Courts (AOC) website.
Court officials have so far confirmed 94 Social Security numbers were compromised.
Spokeswoman Wendy Ferrell told SC a previously patched vulnerability in Adobe's ColdFusion application server was used to carry out the attack.
Adobe fixed the weakness that was exploited in January.
That patch actually addressed four ColdFusion vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632), all of which could permit an unauthorised user to remotely bypass authentication controls to take over the targeted server.
Ferrell did not say which of the defects was used.
Coincidentally, a day before the breach was revealed, Adobe disclosed that it was aware of live exploits targeting a yet-unpatched ColdFusion vulnerability.
Those affected by the breach either were booked into a city or county jail in the state between September 2011 and December 2012, received driving under the influence (DUI) citations between 1989 through 2011, had traffic cases filed between 2011 and 2012, or had a superior court criminal case filed against them or resolved between 2011 and 2012.
Adobe recommended users update their software to the latest version available.