Insurance software company Vertafore was hit with a data breach back in March that exposed information for over 27 million Texas drivers. Three files were uploaded to an external storage drive that was unsecured, leaving the driver information exposed. Information in the files was only from licenses issued before February of 2019 and included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. While a third-party did access the files, Vertafore and the security company they are working with have not found any evidence of abuse. All appropriate government authorities have been notified as well as potentially impacted parties. Vertafore stated, “Although that firm did not find any evidence, to be considerate of all Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event.”
When storing files online, it is important to make sure strong passwords and two-factor authentication are used to prevent unauthorized access. Cloud storage misconfigurations are a common problem that affects many businesses. It is important to have a clear security point of contact for external researchers to be able to report problems that they find directly to the affected company. It is also advised to audit file and folder shares. Any Texas driver who may have been affected should take advantage of the free credit monitoring service being provided by Vertafore, and also consider additional steps such as a credit freeze to protect against fraudulent accounts being opened using their personal information.