Remember meForgot password?
    Log in with Twitter

article imageLooking behind the Vertafore data breach Special

By Tim Sandle     Nov 21, 2020 in Technology
Vertafore, a provider of insurance software, has recently disclosed details of a data breach, admitting that a third-party accessed the details of 27.7 million Texas drivers.
According to ZDNet, Vertafore is pinning blame for the incident on human error. This apparently occurred after user data was stored on an unsecured external storage service. The files were then accessed by an external party.
The incident, reported in November 2020, is thought to have taken place sometime between March 11 and August 1 during this year. The company has indicated that the exposed data included Texas driver license numbers, names, dates of birth, addresses, and vehicle registration histories. However, social security identifiers and financial account information was not part of the lost database.
In a statement the company says: "Vertafore takes data privacy and security very seriously. The company has safeguards to protect its information and systems, with dedicated internal teams and partnerships with leading external firms" (as quoted by Star Telegram).
Commenting on the incident for Digital Journal is Vinay Sridhara, CTO, Balbix.
Sridhara looks at the background of the incident, considering how it may have happened: “This breach is yet another example of a company leaving a server and critical information unsecured without any protection, an unfortunate trend that has been the cause of many recent breaches."
With the specific incident Sridhara notes: "About 27.7 million records were exposed by this data breach, including drivers license numbers, names, dates of birth, addresses, and vehicle registration histories. According to a recent report, nearly half (46%) of organizations find it hard to tell which vulnerabilities are real threats versus ones that will never be exploited. This leaves security teams flying blind when it comes to prioritizing risk and leaves organizations vulnerable to unexpected attacks, such as those exploiting a breach at a former third party partner with access to sensitive data."
Sridhara also says: "While compliance to security laws has become a more daunting task than ever before given the accelerated adoption of new digital services and online tools to support remote workforces, insurers must take steps toward strengthening visibility and quantifying cyber risk."
With the most important preventative action, Sridhara recommends: "To manage risk across their networks as well as a growing array of partners, organizations must employ tools that can monitor and prioritize vulnerabilities across the entire threat ecosystem, particularly areas with low visibility like user management.”
More about Vertafore, Data breach, Cybersecurity
More news from
Latest News
Top News