Expert Insight: Info Of 27.7 Million Texas Drivers Exposed In Vertafore Data Breach

By   ISBuzz Team
Writer , Information Security Buzz | Nov 16, 2020 02:45 am PST

According to ZDNet, Vertafore, a provider of insurance software, has disclosed this week a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers.  The incident took place on March 11 and happened as a result of human error when three data files were inadvertently stored in an unsecured external storage service. Vertafore said the files were removed from the external storage system on August 1, but after an investigation, they discovered that the files had been accessed without authorization.  According to the software provider, the three files contained information on driver’s licenses issued before February 2019, which the company was using for its insurance rating software solution.

https://www.zdnet.com/article/info-of-27-7-million-texas-drivers-exposed-in-vertafore-data-breach/

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Trevor Morgan
Trevor Morgan , Product Manager
November 16, 2020 10:48 am

The Vertafore data breach, in which the personally identifiable information of millions of Texas drivers was revealed, reinforces the weaknesses inherent in a perimeter-only strategy. The breach was reported to have occurred due to the sensitive data being transferred to an unsecured external storage device. If that data itself had been secured, rather than relying on the security mechanisms of the storage device or the perimeter around it (or lack thereof), then the data essentially would be useless to anybody trying to leverage the stolen information. This style of defence, known as data-centric security, includes methods such as tokenization, which replaces sensitive information with meaningless representational tokens. The best part is that data-centric security travels with the data, so even if it winds up in an unsecured location, as happened in the Vertafore breach, peoples’ most sensitive personal information will still be protected.

Last edited 3 years ago by Trevor Morgan

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x