Vertafore, a Denver-based insurance technology company, exposed the personal records of approximately 27.7 million Texas residents after three files containing driver information were left on an unsecured external server. The data sat exposed between March 11 and August 1, 2020, before the breach was discovered. No external hacker broke in. The exposure resulted from a misconfiguration, specifically files stored outside of Vertafore's protected internal systems without proper access controls. The exposed files contained names, home addresses, dates of birth, driver's license numbers, and vehicle registration histories for Texas license holders issued before February 2019. Driver's license numbers and vehicle identifiers are particularly sensitive because they are unique, government-issued identifiers that are difficult or impossible to change. In combination, this data can be used to commit identity theft, insurance fraud, or agent impersonation within the insurance industry. Because Vertafore sits at the center of insurance data workflows for thousands of organizations, the exposure also creates downstream risk for carriers and agents whose clients appear in these records. Vertafore disclosed the breach in November 2020 and reported it to the Texas Attorney General, the Texas Department of Public Safety, the Texas DMV, and federal law enforcement. The company offered one year of free credit monitoring to affected individuals. Multiple class-action lawsuits followed, seeking over $69 billion in damages under the federal Driver's Privacy Protection Act (DPPA). Both a district court and the Fifth Circuit Court of Appeals dismissed the litigation, finding that accidental unsecured storage did not meet the DPPA's threshold for a knowing disclosure. For affected individuals, the practical risk remains: their driver's license numbers and vehicle records cannot be changed, and the data may continue to circulate and be exploited long after the original exposure.

Insurance SaaS platforms collect agent, client, policy, claims, contact, and workflow data across software systems used by carriers, brokers, and agencies.

Vertafore continues to operate as a major insurance technology provider. No significant organizational or ownership changes have been prominently reported in the most recent period. The company has been acquired and managed by private equity through its recent history.