Driver training firm makes driver’s license data searchable on Google

SafetyFirst – yes, that’s really the company’s name – slipped up during a system upgrade in a way that made the system publicly accessible.

The company discovered the compromise in early April 2014. The data had been out in the open since the end of September 2013, or just over six months.

The specific problem was that an FTP server used to back up driver’s license data was publicly accessible.

CSO comments: “Why on earth were they backing up personally identifiable information to an FTP server in the first place? Let’s set aside the fact that this data was accessible to anyone who could enter a search into Google, Bing or what have you. FTP is a clear text protocol. For the uninitiated readers this means that anyone that has the ability to do so, can see all of the information that is passed from point A to point B as it is unencrypted.”

SafetyFirst requested and was given confirmation that these websites now have removed the content to prevent further unauthorized access.

CSO continues commenting: ” My next question would be, ‘Was the data even encrypted?’ Waiting to hear back on that point but, bearing in mind the first point I'll guess the answer is no.”