If you have a Texas driver’s license, your personal identifiable information (PII) may have been compromised in a recent data breach.
The victim is Vertafore, a Colorado based insurance software solutions company. Vertafore purchases data from state governments. This relationship is how Vertafore has obtained data from millions of driver’s license information of Texans.
Experian, a global leader in consumer and business credit reporting and more, notified two individuals about their driver’s license information being available on the dark web.
Texas’ population is about 28 million, and around 27.7 million driver’s licenses were impacted.
According to Vertafore, human error is to blame here. Vertafore claims three data files were stored in an unsecured storage service and accessed without permission. When it comes to setting up cloud storage, it is critical to make sure external access is not allowed, a step very often overlooked.
Threat actors compromised the environment back in March. The Texas Department of Motor Vehicles wasn’t aware because their environment wasn’t primarily affected.
This is why knowing where your client information is stored is crucial to security success. On top of this, breach notification standards must be setup prior to signing contracts with partners that hold client data. It is important to ask vendors about their security measures and procedures. If their standers aren’t acceptable, they aren’t the company you want holding your data.
This incident is evident of not comprehending a vendor’s security posture. Incidents like this can be avoided. Vertafore now has a third-party firm investigating the incident, but if Vertafore had a 24/7/365 Security Operations Center (SOC) team of professional cybersecurity engineers monitoring their environment, this would have been prevented when the cloud storage was left open.
Organizations need to partner with a cybersecurity firm to have continuous monitoring and a team of threat hunters to protect their environment from any type of malicious threat including the most common threat of human error.
Our EDR Platform, ShadowSpear® maximizes the security of an organization. Network defenders should apply these strategies and tools to avoid falling victim to malicious threat groups. Utilizing a trusted Endpoint Detection and Response (EDR) tool will put your organization on an even higher level to protect your network.