The MSP Responder – Vertafore Data Breach

vertafore data breach

What Happened?

Vertafore offers insurance software solutions for Carriers, Agencies, Brokers, MGAs, and MGUs. They service more than 20,000 agencies, over 1,000 carriers, and 23 state governments. In August of 2020, a Vertafore data breach would rock not only their company but also tens of millions of people.

In August 2020, Vertafore discovered a data breach had occurred within their secure environment. According to a report released by Vertafore in November 2020, the unauthorized data breach occurred as a result of human error. In a statement posted on their website, Vertafore states that, “three data files were inadvertently stored in an unsecured external storage service that appears to have been accessed without authorization.”

What was affected?

The hack exposed the personal information of 27.7 Million Texas drivers was exposed during a 2020 hack.

Vertafore says the personal data affected included “driver information for licenses issued before February 2019, Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories.”

Vertafore went on to offer free credit monitoring and identity restoration services to all customers.

This was not the only time hackers accessed driving records. In an unrelated incident, hackers accessed a cloud-storage folder hosted by Amazon Web Services (AWS) which revealed over 100,000 driver’s license photos.

Soon after the data breach, Vertafore was hit with a class-action lawsuit that alleged, “Vertafore acted negligently in failing to adopt reasonable security protocols to prevent and detect the Data Breach. Had Vertafore taken these measures, Plaintiff and Class members would not have been harmed.”

The lawsuit went on to say, “Vertafore has access to and stores Texas drivers’ personal information while promising to take “data privacy and security very seriously.” Unlike credit cards, which can be cancelled, the suit complains that driver’s license numbers take the filing of official police reports and varying types of paperwork to be changed.

The suit is seeking damages, along with a court order forcing the company to stop collecting and using motor vehicle records for its databases.

And all of this began with unsecured data.

How are you securing your user data?

We hear a lot about large companies like Vertafore who have been attacked because the impact is much greater with companies who service lots of customers. But the reality is that attacks are prevalent at the more local levels, too. Businesses of all sizes need to be buckling down, working with IT administrators, MSPs and MSSPs to secure their networks. Here are some additional resources you might consider when you are evaluating security options.

BONUS RESOURCE
Preventing Ransomware Attacks eBook (PDF)

Read an in-depth summary where we look at several recent ransomware attacks to break down exactly what happened, which ransomware prevention plans worked, and which ones didn’t hold up when it mattered the most.

Want to receive more information like this?

Mailprotector strives to help MSPs keep organizations safe. In doing so, we like to send occasional information on cybersecurity-related news events. As an email security company, we promise not to over-share!

Stay aware of email threats

Get notified whenever a new MSP Responder article is published: