Cyber Incident Victim: Vertafore

The Vertafore data breach occurred between March 11 and August 1, 2020, when three files containing Texas driver license information were inadvertently stored on an unsecured external storage service. Human error was identified as the root cause, with the files remaining accessible until their removal. Vertafore's subsequent investigation confirmed unauthorized access to these files during the exposure window. The compromised data involved driver records issued before February 2019, which Vertafore utilized for insurance rating software solutions. Exposed personal information included driver license numbers, full names, dates of birth, residential addresses, and vehicle registration histories. The company confirmed that Social Security numbers and financial account details were not included in the exposed datasets. Approximately 27.7 million Texas drivers were affected by this security incident.

Vertafore notified multiple authorities about the breach, including the Texas Attorney General, Texas Department of Public Safety, Texas Department of Motor Vehicles, and federal law enforcement agencies. The company engaged an intelligence firm to investigate potential misuse of the exposed data, though no evidence of abuse was identified. Despite this finding, Vertafore offered affected individuals one year of complimentary credit monitoring and identity restoration services as a precautionary measure. Internal remediation efforts included permanent removal of the files from the unsecured storage system. The breach notification was publicly disclosed via Vertafore's website in November 2020, nearly eight months after the initial exposure window began. No technical details regarding the external storage service or unauthorized access methods were disclosed in public communications.