Vertafore data breach exposed data of 27.7 million Texas drivers

Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error.

Vertafore announced that information of 27.7 million Texas drivers has been accidentally exposed due to a human error. The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party.

Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. The company pointed out that the data breach did not expose Social Security numbers or financial account information.

“Vertafore recently determined that as a result of human error, three data files were inadvertently stored in an unsecured external storage service that appears to have been accessed without authorization.” states the data breach notification published by the software provider.

“The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.”

The incident took place on March 11, and the data were secured on August 1. The company launched an investigation into the incident that confirmed that the files had been accessed by an unauthorized third party.

The exposed files contained information on driver’s licenses issued before February 2019, such kind of data was held by the company through its insurance rating software product.

The company confirmed that no customer data or any other data belonging to partners, vendors, or other suppliers were impacted.

The investigation is still ongoing, Vertafore hired a prominent firm intelligence firm to determine if the data have been abused by threat actors.

At the time of writing, there is no indication of data abuses or misuses.

The company reported the incident to relevant authorities including the Texas Attorney General, the Texas Department of Public Safety, the Texas Department of Motor Vehicles, and federal law enforcement.

Vertafore is also notifying Texas drivers whose data was exposed in the security breach, it is offering them one year of free credit monitoring and identity restoration services.

“You may enroll in the free credit monitoring and identity restoration services. Additionally, although no financial information was impacted, it is always a good idea to remain vigilant, to review your account statements and to monitor your credit reports.” concludes the data breach notice.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Vertafore)

[adrotate banner=”5″]

[adrotate banner=”13″]