Data relating to some 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc.

The databases were left online between March 11 and Aug. 1 and included names, dates of birth, addresses and vehicle registration histories. According to the company last week, the data was exposed when someone placed three company files on “an unsecured external storage service that appears to have been accessed without authorization.”

There’s the usual tick box of responses to the data breach from Vertafore, with the company claiming that it has no “information misuse has been identified” despite confirming the exposed data had been accessed. The company is also offering free credit monitoring and identity restoration services to all Texas drivers license holders potentially affected by the data breach.

“This breach is yet another example of a company leaving a server and critical information unsecured without any protection, an unfortunate trend that has been the cause of many recent breaches, Vinay Sridhara, chief technology officer of AI-powered security posture firm Balbix Inc., told SiliconANGLE. “According to a recent report, nearly half (46%) of organizations find it hard to tell which vulnerabilities are real threats versus ones that will never be exploited. This leaves security teams flying blind when it comes to prioritizing risk and leaves organizations vulnerable to unexpected attacks, such as those exploiting a breach at a former third-party partner with access to sensitive data.”

Javvad Malik, security awareness advocate at security awareness training firm KnowBe4 Inc., pointed out that a lot of individuals could be hurt by the exposure.

“The incident does serve as a reminder that technology alone is insufficient to have complete security and that human error can result in undesirable outcomes,” Malik said. “That’s why it’s important to invest in security awareness and training alongside technical controls to encourage secure behaviors which ultimately can lead to building a culture of security within organizations.”

Photo: VertaforeWiki/Wikimedia Commons