The data exposed included driver’s license numbers, addresses, dates of birth and vehicle registration history, according to the company. The group said no Social security numbers or financial account information has been compromised.
The breach occurred after three files were accessed by an unauthorized user after the files were “inadvertently stored in an unsecured external storage service,” Vertafore said in its statement.
“Immediately after learning about the issue, Vertafore secured the potentially affected files and investigated the event and the extent to which the data may have been affected,” the company wrote.
The company noted that it had alerted the Texas Department of Motor Vehicles (DMV), the Texas Department of Public Safety (DPS), Texas Attorney General Ken Paxton (R) and federal authorities responsible for the law application.
The company said it learned of the breach in August and immediately engaged a “top intelligence firm” to determine whether any of the exposed data had been stolen and misused.
Although the company could not find any evidence of this, Vertafore said it provides one year of free credit monitoring and identity restoration services to all Texas residents with driver’s license data. been exposed.
A Texas DMV spokesperson told The Hill that the Texas attorney general’s office has opened an investigation into the breach, but stressed that none of the affected systems were a Texas government network.
“The information breach was caused by Vertafore. The Texas Department of Motor Vehicles was not hacked and was not the cause of the violation, ”the Texas DMV spokesperson said. “The Texas Department of Motor Vehicles takes the protection of consumer information very seriously. The department classifies and protects data according to existing statutory regulations and industry principles, and retains and destroys all data in accordance with state and agency data retention and disinfection policies. “
The Texas DPS also distanced state government systems from the violation.
“There has been no violation of the Texas driver’s license system or any other DPS database,” the Texas DPS told The Hill in a statement. “The ministry is aware of the data event that occurred at Vertafore. The Texas Attorney General’s Office, DPS, Department of Motor Vehicles, and U.S. federal law enforcement are all reviewing the matter. “
Vertafore stressed when disclosing the breach that it was taking steps to improve employee training in cybersecurity and privacy, strengthening security policies and procedures, and further improving the security of its systems.
“These complex investigations take time,” Vertafore wrote. “We acted quickly and took care and time to be able to obtain and provide accurate information. We sincerely regret any inconvenience this may cause. “
“Vertafore maintains a variety of information security policies, procedures, practices and controls,” the company added. “We are constantly monitoring our network and systems for any unusual activity. Unfortunately, Vertafore, like any other business, is not immune to this type of event. “