…as a result of human error, three data files were inadvertently stored in an unsecured external storage service that appears to have been accessed without authorization.

The files, which included driver information for licenses issued before February 2019, contained Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories. 

They did not contain any Social Security numbers or financial account information.

What?!? Unsecured storage? Wait, does that mean a USB external drive had unencrypted data in violation of everything that makes good sense to protect? Even if the lost data is gone, it contains the following personally identifiable information:

• Names
• Dates of birth
• Addresses
• Vehicle registration histories

Although Vertafore claims the following, ask yourself, really, is that enough? This affects ALL Texas driver license recipients. 

…ALL Texas driver license recipients and out of an abundance of caution, Vertafore is offering them one year of free credit monitoring and identity restoration services in recognition that these services offer valuable protection in other contexts beyond this event.

The answer, in case you’re wondering, to my question is “No.” Consider this insight from EZShield:

A few years into what has become a steady stream of data breaches, complimentary data protection often follows suit. This creates the illusion of protection. But, once you break through the surface of many free offerings, the wrapping is often more appealing than the contents.

That’s a disturbing pattern, isn’t it? From Texas Retirement System (TRS) to Texas Drivers License, why can’t the current Republican administration (The buck stops at your desk, Governor Abbott) get data protection in place? 

As EZShield article points out, what we have is the ILLUSION OF PROTECTION. One year’s protection of identity theft isn’t going to get the job done. Why aren’t we using tokenization to better protect data that ends up on unencrypted USB external drives? And, my gosh, it’s so easy to encrypt data on encrypted drives.

Learn more about Safe Harbor and State of Texas Breach Notification Laws – Zymitry

Safe Harbor refers to specific actions that an individual or an organization can take to show a good-faith effort in complying with the law. This good-faith effort provides a person or organization “Safe Harbor”

How hard is it to encrypt data?

It’s not. But you have to invest in professional learning programs, train all your staff, not just the rarified data handlers. When are we going to finally get this together?

You can easily use the following tools, all available at no cost:

• 7zip for Windows – This is a zip/7zip compression program that combines multiple files into one. Works great with a wide variety of files. Think of it as putting a folder of files into ONE file that is compressed for space and encrypted for security.
• FileLock – A web-based tool that encrypts files. You can save the website to your computer and run it locally, as well.
• Keka Zip for Macs – This is the same thing as 7zip but for Mac computers.
• Paranoia’s Secure Space Encryptor (SSE) – Here is (what I think) is the best cross-platform encryption tool available. It works on the most platforms (e.g. Android, Mac, Windows). One of the features is that it can take a folder of files and encrypt them all into ONE file

---