Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers.
The incident is believed to have taken place sometime between March 11 and August 1, and happened as a result of human error when three data files were inadvertently stored in an unsecured external storage service.
Vertafore said the files were removed from the external storage system, but after an investigation, they discovered that the files had been accessed without authorization.
According to the software provider, the three files contained information on driver's licenses issued before February 2019, which the company was using for its insurance rating software solution.
Exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories.
Social Security numbers or financial account information was not included, Vertafore said in a data breach notification published on its website this week.
Vertafore said it notified relevant authorities about the security breach, including the Texas Attorney General, the Texas Department of Public Safety, the Texas Department of Motor Vehicles, and federal law enforcement.
An investigation is underway. The company is now also notifying Texas drivers whose data was exposed in the breach.
Vertafore said it has worked with an intelligence firm but has not found any evidence that the leaked data has been abused or misused.
"Although that firm did not find any evidence, to be considerate of all Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event," Vertafore said.
Still, Texas drivers aren't the only ones dealing with a data breach that exposed their personal information these days. The information of thousands of New South Wales driver's license holders was also exposed in Australia in September after more than 100,000 images were similarly left in an unsecured Amazon Web Services (AWS) cloud storage folder.