[Security Weekly] Vertafore Data Breach Leaks Personal Data of 27.7 Million Texas Drivers


3rd Week of November 2020


1. Vertafore data breach leaks personal data of 27.7 million Texas drivers

Vertafore, an American insurance software solutions firm, disclosed a data breach that exposed the driver’s licence data of 27.7 million Texas drivers.

According to Vertafore, the incident was the result of a human error. Sensitive files were mistakenly stored in an unsecured third-party cloud database during the period between March 11 and August 1. Even though the files were removed from the database after August 1, follow-up investigations suggested that the data had been accessed by third parties during the exposure period.

The leaked data included all information on Texas driver’s licences issued prior to February 2019. This included personal information such as names, dates of birth, home addresses, driver’s licence numbers, and vehicle registration information. All of this data was stored by Vertafore for insurance rating purposes.

Vertafore reported the incident to data regulators and announced that it would compensate all victims by providing them with free credit monitoring and identity restoration services for one year.

Sources: ZDNet, Infosecurity


2. Ticketmaster UK fined £1.25 million for data breach

The UK’s Information Commissioner’s Office (ICO) announced on November 13 that a fine of £1.25 million would be imposed on Ticketmaster UK — the British subsidiary of the California-based ticket sales firm — for violations of the GDPR relating to a data breach in 2018. 

The data breach was caused by a vulnerability in the chatbot application put up on Ticketmaster UK’s checkout page. The attackers exploited the web app to inject malicious JavaScript into the page, allowing them to extract the payment card details entered by users at checkout. This affected nearly 10 million Ticketmaster customers in Europe, leading to a number of payment card fraud cases and the replacement of tens of thousands of credit cards.

After being notified of payment card fraud relating to its website, Ticketmaster UK failed to detect the cause of the incident in time, failed to disable the chatbot app in time, and failed to report the details of the breach to the ICO within 72 hours, all of which were deemed violations of the GDPR.

Security experts warn that adding web apps and plugins to a checkout page increases the risk of its checkout forms being compromised, given that the checkout page is the most appealing target for attackers.

To protect web pages from the injection of malicious scripts, having a web application firewall (WAF) is crucial. Penta Security’s WAPPLES is an advanced WAF that is equipped with a logical rule-based detection engine, effectively preventing all web attacks and minimizing the risk of data breaches.

Sources: Bank Info Security, Sky News


3. The North Face online shop suffers credential stuffing attack

The North Face, one of the largest outdoor apparel retailers, suffered a credential stuffing attack that affected its online shop, forcing the company to reset the passwords for a number of users.

According to the company, a credential stuffing attack was directed at its online shop between October 8 and October 9. The attackers likely gained access to many user accounts, which contained personal information including names, dates of birth, phone numbers, home and billing addresses, loyalty point information and purchase histories. 

Although the company did not disclose the specific number of people affected, all impacted customers were forced to reset their passwords. It also claimed that the login credentials used in the attack were likely obtained from a third-party source, meaning the attack likely affected mostly those who reuse passwords across different accounts.

Credential stuffing attacks can be easily mitigated with multi-factor authentication (MFA). ISign+ is an appliance-type single sign-on (SSO) MFA solution that helps organizations manage their accounts securely and conveniently.

Sources: Threatpost, Forbes


4. COVID-19 research firm Miltenyi Biotec attacked by Mount Locker ransomware

Miltenyi Biotec, a global biotechnology firm based in Germany, experienced a cyberattack in October that impaired its IT infrastructure for over two weeks. With over 3,000 employees in over 28 countries, the company is a crucial provider of cell research and therapy products for the development of COVID-19 vaccines and treatments.

The attack significantly impaired the company’s order processing, email, and phone systems. It took more than two weeks until the company finally announced its recovery from the incident on November 13. However, customers are expected to face delays in ordering and shipping.

The Mount Locker ransomware operators claimed responsibility for the attack in early November and published a small portion of the 150GB of data exfiltrated from the company on their official leak site.

As COVID-19 vaccines begin to reach their production stage, attacks on related organizations are on the rise. On November 19, cold storage company Americold was hit with a cyberattack that impacted its operations. As the largest cold storage provider in the US with 183 storage warehouses across Canada, Australia, New Zealand, and Argentina, the company is expected to provide storage space for COVID-19 vaccines, which require strictly controlled temperatures.

Sources: Bleeping Computer, Infosecurity

