Cybersecurity researcher Jeremiah Fowler made a startling discovery of a non-password-protected database containing over 250,000 documents related to auto insurance policies. The exposed data included highly sensitive personal identifiable information (PII) of policyholders.
The exposed documents within the database comprised various critical records, such as vehicle registrations, insurance cards, driver’s licenses, and more.
Details of what the database contained
- 96,175 folders that contained a total of 255,756 records with a size of 93.93 GB.
- Folders contained insurance policy cards and driver’s licenses (front and back sides).
- Some folders also included additional documents such as auto loan information that contained PII and social security numbers, vehicle titles, applications for titles, state registrations, Medicaid or health insurance cards, utility bills showing proof of residence, letters from banks showing active accounts, and partial account numbers.
- The breach included customer and applicant names, home addresses, phone numbers, driver’s license numbers, vehicle identification numbers (VINs), and insurance policy details.
- Sales records with auto dealer information that included EIN tax identification numbers and other sales or vehicle data. Some included the buyer’s social security number (SSN) in plain text.
The breach of auto insurance data poses significant risks to the affected individuals. Criminals who gain access to such personal information can engage in identity theft, fraud, or auto insurance scams.
The exposed data can be exploited on the dark web, leading to fraudulent claims and potential increases in the victims’ insurance rates. Furthermore, the availability of driver’s licenses and health insurance cards can enable identity thieves to perpetrate various illegal activities, including unauthorized medical care and fraudulent charges.
