Auto Insurance Provider Exposed 250k Documents Online

Jeremiah Fowler

Recently I discovered a non-password-protected database that contained scans and images of vehicle registrations, division of motor vehicle registration applications, certificate of insurance cards, vehicle titles, driver’s licenses, state Medicaid health coverage cards, and more. Upon further research, all of the policies I saw listed USA Underwriters as the primary insurer. I immediately sent a responsible disclosure notice by email to USA Underwriters regarding my findings. Later I spoke with an employee of USA Underwriters who told me these records and database belonged to a third-party vendor named RateForce. This also matched the name of the database, which was listed as “RF******Prod” (redacted for security reasons). RateForce provides a platform to compare car insurance quotes online and, according to their website, they have provided nearly 11 million quotes since 2014. In 2021, RateForce, LLC ranked #2 on the Inc. 5000 list of fastest-growing private companies in the insurance industry. The

Details of what the database contained

  • 96,175 folders that contained a total of 255,756 records with a size of 93.93 GB.
  • Folders contained insurance policy cards and driver’s licenses (front and back sides).
  • Some folders also included additional documents such as auto loan information that contained PII and social security numbers, vehicle titles, applications for titles, state registrations, Medicaid or health insurance cards, utility bills showing proof of residence, letters from banks showing active accounts, and partial account numbers.
  • The breach included customer and applicant names, home addresses, phone numbers, driver’s license numbers, vehicle identification numbers (VINs), and insurance policy details.
  • Sales records with auto dealer information that included EIN tax identification numbers and other sales or vehicle data. Some included the buyer’s social security number (SSN) in plain text.

Read my full report here.