Personal details of 27.7 million drivers in Texas exposed in a recent Vertafore data breach

Data breaches have become part of our everyday reality affecting governments, businesses, and individuals alike. In this blog post series, we take a look at recent breach incidents, analyse how they happened, and examine what can be done for your protection.

What Happened?

A Colorado-based provider of insurance software disclosed a data breach involving about 27.7 million Texas driver’s license records. The data breach is reported to have happened between March 11 and August 1, 2020 and was due to a human error. The incident occurred when three data files were accessed by an unauthorized user after a Vertafore employee placed them online in an unsecured external storage service.

What Information Was Involved?

According to Vertafore Inc., the data breach affected driver’s licenses issued before February 2019. The exposed data included driver’s license numbers, addresses, dates of birth, and vehicle registration history. 

In a data breach press release issued on 10 November 2020, the company claims no Social Security numbers or financial account information were compromised.

What Are the Risks to You?

Consumer data is a primary target during data breaches. If a data breach involves your driver’s licence, bad actors are likely to get access to your name, address, date of birth, gender, biometric data (your height, weight, the color of your eyes and hair), personal restrictions (glasses, etc.) and more. 

Cybercriminals can use personally identifiable information like names, addresses, and phone numbers in combination with Social Security numbers to commit criminal, medical, and other types of identity theft, and synthetic identity fraud.

Hackers can also leverage this information for financial gain on the dark web where the same stolen data can be sold over and over again. In these scenarios, bad actors post listings of the stolen data on an eBay-like marketplace and sell it to the highest bidder. Such listings are sold for  anywhere between less than $1 to about $450, with the average price for someone’s identity costing twenty dollars.

Is There Anything You Can Do?

Unfortunately, you have little to no control over your personal information stored by the third-party services. Preventing what’s already happened is not an option. But, you should use all of the damage mitigation measures and solutions offered by the company at fault. In this particular case, Vertafore is offering to all victims “one year of free credit monitoring and identity restoration services”.

In addition, assessing the level of personal information exposure is crucial to confronting identity theft and developing an effective protection strategy. Start with  OneRep’s free trial to identify the sites that expose your personal information and initiate the automatic removal of your data.

We also recommend following these security guidelines to help avoid a data breach:

#1 Use strong passwords and change them regularly

#2 Use multi-factor verification whenever possible to add an extra layer of security for your accounts.

#3 Install a password manager to encrypt your passwords.

#4 Check your email address on haveibeenpwned.com to make sure your personal data hasn’t been compromised in data breaches.

#5 Update your software and devices as soon as new versions are available.

#6 Be aware of recent scams and frauds. Scammers will never stop scamming. But you can catch up. Be up to date with the latest digital risks individuals face: 

Stay Informed

To protect your identity use the precautionary steps above and follow us on Facebook and Twitter for future data breach alerts.

Click here to view our protection plans and sign up for our free trial to keep yourself safe online.

 
Iryna Slabodchykava

Content Strategy Manager at OneRep | LinkedIn