According to ZDNet, Vertafore, a provider of insurance software, disclosed a data breach this week, admitting that a third party accessed the details of 27.7 million Texas drivers. The incident took place on March 11 and happened as a result of human error when three data files were inadvertently stored in an unsecured external storage service. Vertafore said the files were removed from the external storage system on August 1, but after an investigation, it discovered that the files had been accessed without authorization. According to the software provider, the three files contained information on driver’s licenses issued before February 2019, which the company was using for its insurance rating software solution.
https://www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/
The Vertafore data breach, in which the personally identifiable information of millions of Texas drivers was revealed, reinforces the weaknesses inherent in a perimeter-only strategy. The breach was reported to have occurred due to the sensitive data being transferred to an unsecured external storage device. If that data itself had been secured, rather than relying on the security mechanisms of the storage device or the perimeter around it (or lack thereof), then the data essentially would be useless to anybody trying to leverage the stolen information. This style of defence, known as data-centric security, includes methods such as tokenization, which replaces sensitive information with meaningless representational tokens. The best part is that data-centric security travels with the data, so even if it winds up in an unsecured location, as happened in the Vertafore breach, people’s most sensitive personal information will still be protected.
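As an added illustration of the tokenization idea described above (example code written for this page, not Vertafore's or any vendor's implementation), the sketch below replaces sensitive fields with random tokens before records leave a trusted system. The `TokenVault` class, the field names and the sample records are assumptions constructed for the example.

```python
import secrets

# Assumed field names; the page does not describe the file layout.
SENSITIVE_FIELDS = ("license_number", "name", "date_of_birth", "address")


class TokenVault:
    """Hypothetical vault: tokens are random, the mapping lives only in here."""

    def __init__(self):
        self._token_for = {}   # original value -> token
        self._value_for = {}   # token -> original value

    def tokenize(self, value):
        # Reuse the token for a repeated value so tokenized records still join.
        if value in self._token_for:
            return self._token_for[value]
        token = "tok_" + secrets.token_hex(12)
        while token in self._value_for:   # regenerate on an unlikely collision
            token = "tok_" + secrets.token_hex(12)
        self._token_for[value] = token
        self._value_for[token] = value
        return token

    def detokenize(self, token):
        # Raises KeyError for a token this vault never issued.
        return self._value_for[token]


def protect_record(record, vault):
    """Return a copy of record with every sensitive field replaced by a token."""
    return {
        field: vault.tokenize(value) if field in SENSITIVE_FIELDS else value
        for field, value in record.items()
    }


# Constructed sample records, not real data.
RECORDS = [
    {"license_number": "LIC-0000001", "name": "Alex Example",
     "date_of_birth": "1980-01-01", "address": "1 Sample St", "vehicle_year": 2015},
    {"license_number": "LIC-0000001", "name": "Alex Example",
     "date_of_birth": "1980-01-01", "address": "2 Moved Ave", "vehicle_year": 2018},
]

if __name__ == "__main__":
    vault = TokenVault()
    for row in (protect_record(r, vault) for r in RECORDS):
        print(row)   # only tokens and non-sensitive fields would reach storage
```

Because the tokens are random rather than derived from the values, a copy of the tokenized file is only useful together with the vault, which stays inside the protected environment.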