Vertafore Data Breach Caused by Human Error Exposes Info of 27.7M Texans

essidsolutions

Yet another accidental data breach exposes personally identifiable information (PII) of 27.7 million drivers in Texas.

If you are a licensed driver in Texas registered before February 2019, you may be one of the millions affected by a data breach at Vertafore. The insurtech solutions vendor revealed a data breach involving driver information of 27.7 million licensed drivers from Texas.

According to a statement by Vertafore, the breach was caused by human error, which led to a third party accessing the information without authorization. The company said that an employee inadvertently stored three data files in unsecured external storage, which caused the breach.

Last week, Vertafore notified the public of the breach, which occurred sometime between March 11 and August 1, 2020. The insurance software vendor apprised the Texas Attorney General, Texas Department of Public Safety, Texas Department of Motor Vehicles and U.S. federal law enforcement of the incident.

Vertafore provides software and critical information to insurance companies and brokers for seamless management of business. As a result, it had access to more than just license numbers of Texas drivers. The breached information also includes driver names, dates of birth, addresses, and vehicle registration histories which the Colorado-based company said “were maintained to support a specific product within Vertafore’s insurance rating solutions.” Fortunately, the three files did not contain social security numbers or any financial information of the affected parties.

The 2020 Q3 Data Breach QuickView Report by Risk Based Security found that a significant 17% of all breaches originated from within the organization and that accidents were behind 69% of such internally-caused breaches.

Late in August 2020, a data breach involving 108,535 images of around 54,000 Australian drivers registered in New South Wales was also caused by an accidental database misconfiguration.

More than 50K scanned driver licenses (front+back) and toll notices exposed in a misconfigured S3 bucket. Most likely – part of NSW RMS infrastructure (Road and Maritime, New South Wales, Australia). Secured now. No official response though. Thanks to @troyhunt for assistance. pic.twitter.com/FRTQ5GEEJE

— Bob Diachenko (@MayhemDayOne) August 26, 2020

More recently, Swedish insurer Folksam Group also accidentally shared (leaked) data of over one million customers to Big Tech firms such as Google, Microsoft, Facebook, and others such as Adobe and LinkedIn.

Javvad Malik, Security Awareness Advocate at KnowBe4, told SiliconANGLE, “The [Vertafore] incident does serve as a reminder that technology alone is insufficient to have complete security and that human error can result in undesirable outcomes. That’s why it’s important to invest in security awareness and training alongside technical controls to encourage secure behaviors which ultimately can lead to building a culture of security within organizations.”

Vertafore has roped in a leading intelligence firm to find evidence of misuse of the breached data. To avoid misuse of data, Vertafore is offering one year of free credit monitoring and identity restoration services to all affected Texas drivers. But this isn’t going down well with some citizens.

Slashdot user rmdingler comments, “That and four dollars will get you a cup of coffee at Starbucks. Data breach lawsuits often fail because proving harm is nebulous, and despite repeatedly routine carelessness with other people’s private information, penalties for security sloppiness never seem to get ramped up by our governors.”

They add, “Until penalties for these infractions become much more severe, there will be no industry willingness to spend on security… something like if the penalty for a breach is credit card related, you can’t accept those for payment for X months or until you sort it out to an oversight board’s satisfaction.”

The Texas Department of Motor Vehicles (DMV) set up a page on their website dedicated to the needs of affected drivers. Those who believe their personal information might be compromised can report here.