Your Texas driver’s license, automobile data, and pledgee have been stolen in an enormous knowledge theft

You have been hacked. We have all been hacked.

Nobody else said it, but The Watchdog will. This is probably the largest and one of the most significant data breaches Texans have ever encountered.

Approximately 27.7 million Texas driver license holders are affected.

If you haven’t heard about it, that’s part of the problem. It’s almost like nobody wants you to know.

Why were 27.7 million licenses affected when the total Texas population is 28 million? Because the number includes former citizens and dead who were granted licenses before February 2019. So it encompasses just about anyone with a Texas license that dates back an unknown number of years. Children are not included.

The watchdog has the story.

Yes, the information contained here is already available on a paid data website such as PublicData.com, although this website is not always up to date. But you have to look up every single one. With this breach, all information is already bundled and in one place.

What do the crooks have? Your license information (name, address, DL number), color, model, year and chassis number of your vehicle and the lender to whom you are making car payments.

I’m going to show you how this happened, what crooks can do with the information, and how to be prepared.

‘Human error’

The culprit here is a company you’ve probably never heard of – Vertafore of Denver, which, like many other companies, buys data from state governments. Vertafore works with the insurance industry to create ratings that will help agents, brokers and others.

“Due to human error,” Vertafore said in a press release, “three data files were inadvertently stored in an unsecured external storage service that appeared to have been accessed without permission.”

Someone found the information and reached for the files before Vertafore saw it, the company says.

The FBI and state law enforcement are investigating.

It appears to The Watchdog that although this breach started in March and lasted through August, our Texas Department of Motor Vehicles, which stores vehicle information, and the Texas Department of Public Safety, which manages licenses, were likely unaware of the hack until recently because of theirs own databases have not been compromised.

How do i know?

The answer is illuminating. First, the first word about this huge violation did not come from the authorities or the company. It came from some watchdog readers being notified by their Experian identity protection service that their driver’s license information was available on the dark internet.

They apparently knew about it before state officials and local police departments did. That is embarrassing.

After hearing from the two readers, I contacted DMV and DPS on October 1st and asked if they knew about it. DMV sent me to DPS, which reported that its databases had not been compromised. I told the two readers and posted the information that there was no hack. But there was.

DMV later told me that it learned of the violation in mid-October. DPS said it was checked when first found out, but DPS didn’t tell me.

These two readers – M. Perry and Sandra Bakkethun – were like canaries in the coal mine, warning in advance that there was a leak, either in a mine or, in this case, in a major data breach. Hats off to Experian who caught this first.

“Thank you for getting in touch,” a DPS spokesman wrote to me on October 2nd in response to my first request. “DPS has no indication that there has been a violation of the Texas driver’s license system. The department is currently working with other government agencies as well as the FBI to gather more information. “

DMV spokesman Adam Shaivitz said to me last week: “We were not aware of this incident at the time [when I originally asked in early October]. The Attorney General’s Office has an active investigation into the Vertafore violation. “

The AG’s office declined to comment as an investigation is pending.

“Worried and Confused”

Before I tell you how crooks can use it and what to do, I’d like to publicly thank Perry and Bakkethun for alerting me early on, even though I wasn’t able to verify at first.

When I later informed them that they were right, Perry said, “Good, good. My reaction is that I am not in the least surprised. No wonder I had no idea about it until I was made aware that it was on the dark web. I knew that at some point you would find out because when I called the police to report it and they told me that five or six other people had called on the same day about the same thing, I knew it wasn’t just one Is coincidence. “

Crooks don’t need a physical driver’s license, which Perry didn’t understand at first.

“I don’t understand how or when my driver’s license could have been compromised. I always have it with me and the only time I ever use it is when a doctor’s office needs it. “

Bakkethun, who first contacted me in September, said, “I am a little concerned and very irritated.”

She looked for information on the DMV website, but it wasn’t. (Remember DMV said it didn’t know.)

“I also wonder if you have any ideas about what I should do with my license now. Suggestions are very much appreciated. “

“Many possibilities”

I do. But first some good news. The following was not taken: your signature on your driver’s license, photo, ID number, eye color, gender or height. No social security numbers or other financial account information was recorded.

The perpetrator company said in a statement: “We also do not know how this information can be used to commit fraud.”

Doh. Here I have to explain to Vertafore how this theft works.

If I’m a crook, I can send you a letter or email pretending to be from your credit institution, identify the correct vehicle, and ask you to send your payment to a different address. Or, the thieves may offer you a special rate on your loan and ask you to click on a malicious web address or confuse you enough to send them money. There are many ways to do this, Vertafore.

Protect yourself

A new state law requires companies to notify authorities and consumers within 60 days of a data breach. That doesn’t help much here either. Nobody has officially informed you or me of this yet.

So what can you do

First off, note that Experian was the first warning here. My identity theft service has yet to inform me.

Second, keep an eye on your credit report, which you can get for free. Just go to www.AnnualCreditReport.com or call 1-877-322-8228.

Third, Vertafore offers us free credit monitoring and identity recovery for one year. You can check-in at Vertafore at 888-479-3560. Their website for this is www.vertafore.kroll.com.

Fourth, put a fraud notice on your credit accounts. I’ve previously shown how to do this with Experian, Equifax, and TransUnion.

To learn more, The Watchdog recommends www.consumer.gov/idtheft and the Texas DPS Identity Theft Information Guide, as well as the Identity Theft Resource Center (Idtheftcenter.org).

CORRECTION, 9:30 p.m., Nov 21, 2020: An earlier version of this story gave an outdated phone number for AnnualCreditReport.com. The phone number is 1-877-322-8228.

Become a citizen of the Watchdog Nation. Join Dave Lieber and learn to be a super consumer.

Check out this free training video from Dave: https://youtu.be/uhUEUCNKGjc

Subscribe: PLEASE support The Watchdog’s straightforward journalism, which will save you time, money and trouble. Treat yourself to a full digital subscription to DallasNews.com.

Or use my special watchdog code: https://dmn.pub/WATCHDOG

NEVER MISS THE Guard Dog’s TWO Reports a Week. Sign up here.

Watchdog Newsletter: Sign up for The Watchdog’s FREE weekly newsletter to keep up to date: click here.

Watchdog Story Page: You Can’t Afford To Miss The Watchdog. Always follow our latest coverage on the Watchdog homepage.

Do you use facebook Connect with The Watchdog on our Facebook group. Look for “Dallas News Watchdog Posse”.

The Dallas Morning News Watchdog column is the 2019 National Society of Newspaper Columnists Grand Prize Winner for Columns. The competition judge called his winning entries “models for exciting storytelling and public service”.

Read his profit columns:

* Help the widow of Officer JD Tippit, the Dallas police officer killed by Lee Harvey Oswald, to be buried next to her late husband

* Help a waitress injured by an unscrupulous used car dealer