A breach at an insurance software company has resulted in the compromise of 27.7 million personal and driver’s license details in Texas.
Vertafore claimed in a notification this week that, due to human error, three files were stored in an unsecured third-party service which was subsequently accessed without authorization.
The firm was unable to say exactly when this happened — only that it occurred at some point between March 11 and August 1. Vertafore has told Infosecurity that the customer notice was delayed at law enforcement’s request.
Vertafore said that, upon discovering the breach, it immediately secured the files and engaged the help of an outside consultancy to investigate further, as well as law enforcement. The firm didn’t itself detect the breach but had to be notified by a “trusted third party.”
“The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories,” it explained.
“They did not contain any Social Security numbers or financial account information. No information misuse has been identified. No customer data or any other data — including partner, vendor or other supplier data — or systems hosted for them were impacted. Additionally, no Vertafore system vulnerabilities were identified.”
Vertafore is offering affected customers free credit monitoring and identity restoration services for a year.
The firm said in its FAQs that “we are not aware of any way this information could be used to commit fraud.” However, there is certainly ample opportunity for cyber-criminals to launch convincing follow-on phishing attacks using the personal and driver’s license details compromised.