Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
United States Security

Data Breach Exposes 27 Million Texas Driver's License Records (thehill.com) 34

"A software company that provides services for insurance groups disclosed this week that about 27.7 million Texas driver's license records were exposed in a data breach earlier this year," reports The Hill: The company, Vertafore, said in a statement posted on a website set up to address the breach that the data was exposed between March and August and affected licenses issued before February 2019. Exposed data included driver's license numbers, addresses, dates of birth and vehicle registration history, according to the company. The group said that no Social Security numbers or financial account information were compromised.

The breach happened after three files were accessed by an unauthorized user after the files were "inadvertently stored in an unsecured external storage service," Vertafore said in its statement....

Vertafore said that it is providing a year of free credit monitoring and identity restoration services to all Texas residents whose driver's license data was exposed... Vertafore emphasized in disclosing the breach that it was taking steps to enhance employee cybersecurity and privacy training, reinforcing security procedures and policies, and further enhancing the security of its systems.

This discussion has been archived. No new comments can be posted.

Data Breach Exposes 27 Million Texas Driver's License Records

Comments Filter:
  • by Anonymous Coward

    But THEY are too stupid to use it in the first place.

    • what i find fascinating is that texas even bothers to keep those kinds of records in the first place.
      and yes.
      you have to have lived there in order to understand
      • what i find fascinating is that texas even bothers to keep those kinds of records in the first place. and yes. you have to have lived there in order to understand

        I did, and I do.
        Seriously, Cullen Baker Defense?

  • Why? (Score:5, Informative)

    by PPH ( 736903 ) on Sunday November 15, 2020 @12:54PM (#60727422)

    From TFA:

    The files were maintained to support a specific product within Vertaforeâ(TM)s insurance rating solutions.

    What were they doing with DL records? When I log on to one of our states databases, there is a specific disclaimer that I have to check stating that I am not to use the data for 'business purposes'. So when Vertafore asks Texas for a dump of drivers license records, why doesn't Texas just tell them to f*k off.

    • Re:Why? (Score:5, Funny)

      by Nkwe ( 604125 ) on Sunday November 15, 2020 @01:00PM (#60727434)

      From TFA:

      The files were maintained to support a specific product within Vertaforeâ(TM)s insurance rating solutions.

      What were they doing with DL records? When I log on to one of our states databases, there is a specific disclaimer that I have to check stating that I am not to use the data for 'business purposes'. So when Vertafore asks Texas for a dump of drivers license records, why doesn't Texas just tell them to f*k off.

      Maybe because the state gets paid for the data?

      • by PPH ( 736903 )

        Maybe because the state gets paid for the data?

        I can opt out of Google/Facebook. I can't opt out of the state.

    • The data probably didn't come from the state. It probably came from other insurance companies.

      Assume Bob buys insurance from Allstate and three months later totals his car. Six months after that he has insurance from Farmers and he hits someone, causing an $18,000 claim. Three months later he gets cancelled for not paying his bill. Bob applies for insurance from GEICO. Geico is going to quote him a price based on his risk history because Allstate and Farmers informed Vertafore about his tendencies.

      • Iâ(TM)ve worked for a few government entities. Just about all of them farm out their IT work to private industries. That includes application development and data storage. Usually security is a total joke. I showed up to a meeting for an LA City department and gave a presentation on an application I developed. The IT managers were worried about all the data I had in the application and stated it was a threat to critical infrastructure. I proceeded to show them the publicly available files I scrapped al
  • by rmdingler ( 1955220 ) on Sunday November 15, 2020 @01:03PM (#60727442) Journal

    Vertafore said that it is providing a year of free credit monitoring and identity restoration services to all Texas residents whose driverâ(TM)s license data was exposed.

    That and four dollars will get you a cup of coffee at Starbucks.

    Data breach lawsuits often fail because proving harm is nebulous, and despite repeatedly routine carelessness with other peoples private information, penalties for security sloppiness never seem to get ramped up by our governors.

    Until penalties for these infractions become much more severe, there will be no industry willingness to spend on security... something like if the penalty for a breach is credit card related, you can't accept those for payment for X months or until you sort it out to an oversight board's satisfaction.

    • Until penalties for these infractions become much more severe,

      Severe? You could ask for a monetary penalty, but that's literally chump change. How about something seemingly more effective?

      Let's "let" the CEO of the company literally visit each and every user in their exposed database (it's not like the names and addresses are unknown) and personally apologize to each and every one. Every. One. Of. Them. Personally. Not a proxy, not his secretary, HIM.

      He shouldn't be upset -- at least that'll get him out of meetings for awhile. But driving's a hassle, so

    • by Jerk2 ( 1153835 )
      I totally agree..
      It used to be "shoot all the lawyers", but can we also now go after incompetent DBAs, and their bosses up the chain to the CEO and Board of Directors?

      Or as a less violent alternative, we release ALL their personal information into the wild including the SSN, stock broker and bank accounts numbers and their home, vacation house addresses and their license plates and tax returns over the last 5 years including all sub schedules. In the case of the CEO / BOD or Governor/President and the
    • How about this: 3rd parties who grant credit are solely responsible for identity verification, and 100% liable for all damages arising from failures in that regard. As it is now, if 'too big to fail bank' has sales commissions on loans, quotas for underwriters and 'scales back' verification to save cost then when the expected happens : underwriters give loans to anything that moves, then the law considers the person the underwriters filed fake loans for the 'responsible party' who must repay the bank/has ru
  • by puddingebola ( 2036796 ) on Sunday November 15, 2020 @01:13PM (#60727472) Journal
    Why is there so much data about me stored by companies I have never heard of and whose services I have never sought out?
    • Someone found a way to make a nickle per thousand people sold out without repercussions so they did...
      Don't worry though, if some lender cuts funding for borrower verification you're still 100% on the hook for any fund they lend out to a fraudster. We can't let you get away with escaping your debts after all.
  • Now whoever buys this data breach info can easily match my name/DOB with their other breach with my SS# and fill in my DL and vehicle info. I imagine they already have my address from previous breaches. Thanks texas.
  • Where I don't find myself saying "FUCK YOU TEXAS" out loud
    • because Texas doesn't appear to be at fault here. The breach occurred with a company based in Colorado. Driver's license numbers were included, and it's my understanding that the Texas DMV doesn't sell those - so the data probably came from insurance companies, not the state.

      If you're looking for your daily excuse to yell at Texas, this probably isn't it.

  • I just looked up the population of Texas and got the figure 29.9 million. Are there really 27 million of those holding driver's licences? That's an amazing percentage. how old to you have to be, 5?
    • by psergiu ( 67614 )

      15 and a half to apply for the DL to be active the day you turn 16.
      14 if you live on a farm (10+ acres) and drive Farm equipment (Truck or Tractor) on Farm-to-Market designated roads.

  • Why isn't all of this info considered public by this point?

    Lenders and others who use this info as proof of identity are the ones who've done something wrong!
  • "The group said that no Social Security numbers or financial account information were compromised." So is this stored in a separate "more secure" database that has to be cross-referenced with the "less secure" database? I smell BS every single time I hear this tune being played by breached companies.
  • Why does one Texas driver have 27.7 million licence records?

    • by johnw ( 3725 )

      And before anyone complains, yes I'm sorry I spelled licence in the English way rather than the American one. Apostrophes however work the same for both the English and the Americans.

  • I had some identity theft earlier this year, and this data breach seems to be a likely explanation. The thief had (and maybe still has) a driver's license with my name, birthdate, and driver's license number that he used to rent a car (never returned), apply for various loans (thankfully never issued as I had locked down my credit), and apply for unemployment in my name (never issued as my employer notified me of the claim). They needed my social, but I'm sure that's not terrible difficult to find on the da

If all else fails, lower your standards.

Working...