Vertafore data breach exposed data of 27.7 million Texas drivers

Vertafore announced that information of 27.7 million Texas drivers has been exposed in a data breach caused by a human error.

Vertafore announced that information of 27.7 million Texas drivers has been accidentally exposed due to a human error. The company disclosed this security breach this week, data was stored on an unsecured external storage service and they were accessed by an external party.

Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. The company pointed out that the data breach did not expose Social Security numbers or financial account information.

“Vertafore recently determined that as a result of human error, three data files were inadvertently stored in an unsecured external storage service that appears to have been accessed without authorization.” states the data breach notification published by the software provider.

“The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. They did not contain any Social Security numbers or financial account information. No information misuse has been identified.”

The incident took place on March 11, and the data were secured on August 1. The company launched an investigation into the incident that confirmed that the files had been accessed by an unauthorized third party.

The exposed files contained information on driver’s licenses issued before February 2019, such kind of data was held by the company through its insurance rating software product.

The company confirmed that no customer data or any other data belonging to partners, vendors, or other suppliers were impacted.

The investigation is still ongoing, Vertafore hired a prominent firm intelligence firm to determine if the data have been abused by threat actors.

At the time of writing, there is no indication of data abuses or misuses.

The company reported the incident to relevant authorities including the Texas Attorney General, the Texas Department of Public Safety, the Texas Department of Motor Vehicles, and federal law enforcement.

Vertafore is also notifying Texas drivers whose data was exposed in the security breach, it is offering them one year of free credit monitoring and identity restoration services.

“You may enroll in the free credit monitoring and identity restoration services. Additionally, although no financial information was impacted, it is always a good idea to remain vigilant, to review your account statements and to monitor your credit reports.” concludes the data breach notice.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Vertafore)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.