Vertafore a company that provides insurance software services has disclosed a data breach in which a third-party got into the details of over 27.7 million Texas drivers. They believe the incident took place from March to August due to a human error where three data files were stored in an unsecured external storage service.
It is reported that the files were then removed from the storage it was contained in. Later on, in the investigation, it was discovered that someone else has accessed it without authorization. The data inside the three files contained info on driver's licenses issued before February of 2019 which was for its software solution. This data has Texas driver license numbers, names, DOB (Date of Birth), addresses, and vehicle registration histories.
Thankfully, it did not include any SSN (Social Security Numbers) or any financial account information. It appeared that the files were used for a rating system of the insurance software.
The insurance software company did notify the Texas Attorney General, Department of Public Safety, Department of Motor Vehicles, and Federal Law Enforcement. They are also beginning to notify those who had their information breached.
They did work with a security firm to see if the breach was due to abuse or misused but did not find any evidence of malicious intent.
"Although that firm did not find any evidence, to be considerate of all Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event," (Vertafore, 2020)
Back in September, there was also an incident in Australia, New South Wales where the cloud storage folder which was hosted by Amazon Web Services that contained data of drivers. Of course, it contained information about their licenses and photos. The folder was apparently not properly secured.
They also had a phishing attack earlier this year which did compromise them as well. Though it seems lately government entities are having trouble with DLs (Driver Licenses) being leaked. Hopefully it won't become a more widespread trend.