A software company that provides services for insurance groups disclosed this week that about 27.7 million Texas driver’s license records were exposed in a data breach earlier this year.
The company, Vertafore, said in a statement posted on a website set up to address the breach that the data was exposed between March and August and affected licenses issued before February 2019.
Exposed data included driver’s license numbers, addresses, dates of birth and vehicle registration history, according to the company. The group said that no Social Security numbers or financial account information were compromised.
The breach happened after three files were accessed by an unauthorized user after the files were “inadvertently stored in an unsecured external storage service,” Vertafore said in its statement.
“Immediately upon becoming aware of the issue, Vertafore secured
True bills itself as the social networking app that will “protect your privacy.” But a security lapse left one of its servers exposed — and spilling private user data to the internet for anyone to find.
The app was launched in 2017 by Hello Mobile, a little-known virtual cell carrier that piggybacks off T-Mobile’s network. True’s website says it has raised $14 million in seed funding, and claimed more than half a million users shortly after its launch.
But a dashboard for one of the app’s databases was exposed to the internet without a password, allowing anyone to read, browse and search the database — including private user data.
Mossab Hussein, chief security officer at Dubai-based cybersecurity firm SpiderSilk, found the exposed dashboard and provided details to TechCrunch. Data provided by BinaryEdge, a search engine for exposed databases and devices, showed the dashboard was exposed since at least early September.
More than 100 smart irrigation systems were left exposed online without a password last month, allowing anyone to access and tamper with water irrigation programs for crops, tree plantations, cities, and building complexes.
The exposed irrigation systems were discovered by Security Joes, a small boutique security firm based in Israel.
All were running ICC PRO, a top-shelf smart irrigation system designed by Motorola for use with agricultural, turf, and landscape management.
Security Joes co-founder Ido Naor told ZDNet last month that companies and city officials had installed ICC PRO systems without changing default factory settings, which don’t include a password for the default account.
Naor says the systems could be easily identified online with the help of IoT search engines like Shodan.
Once attackers locate an internet-accessible ICC PRO system, Naor says all they have to do is type in the default admin username and press Enter