Denver, Colo.-based insurance information technology company, Vertafore Inc., says a potential breach has occurred of data involving information about anyone who was issued a driver’s license in Texas prior to February 2019.
The company reported to the Texas Department of Motor Vehicles that three data files containing driver license information, vehicle registration and lienholder information may have been placed by a Vertafore employee in an unsecured external storage service online. The files “contained Texas driver information for approximately 27.7 million people,” Vertafore said in a media released dated Nov. 10.
In a statement, Vertafore said: “The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. … No information misuse has been identified. No customer data or any other data—including partner, vendor or other supplier data—or systems hosted for them were impacted. Additionally, no Vertafore system vulnerabilities were identified.”
The company said after learning of the possible data breach it immediately reported the event to the Texas Attorney General, Texas Department of Public Safety, Texas Department of Motor Vehicles and U.S. federal law enforcement. The company said it “is actively assisting law enforcement.”
The unauthorized access to the data files occurred sometime between March 11 and Aug. 1, 2020. The files, which supported one of Vertafore’s insurance rating product, did not contain Social Security numbers or financial account information. The company learned about the unauthorized access in mid-August. It said upon learning of the event, it “immediately secured the potentially affected files and has been investigating the event and the extent to which data may have been impacted.”
Vertafore said it had determined “that as a result of human error, three data files were inadvertently stored in an unsecured external storage service that appears to have been accessed without authorization.”
The company emphasized that so far no evidence has been found “indicating potential misuse of this information in connection with this event.”
It is offering all Texas drivers licensees “one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event.”
More information about the data breach may be found on a dedicated website, https://vertafore.kroll.com/. The company also has initiated a call center with additional information about the event, the company’s response and available services. The call center can be reached by calling 888-479-3560 between the hours of 8 a.m. to 5:30 p.m. CT Monday through Friday.
The Texas DMV reported that Vertafore believes it previously obtained the potentially compromised information from the DMV and the Texas Department of Public Safety. While there are “certain restrictions on its use, Texas law permits, and at times requires, the release to authorized parties of driver license and vehicle registration information,” the DMV stated.
The DMV maintains on its website that it “classifies data and protects data based on existing statutory regulations and industry principles, and retains and destroys all data in accordance with state and agency data retention and data sanitization policies.”
Was this article valuable?
Here are more articles you may enjoy.