Learner driver data exposed in worrying breach - thousands affected
Brazilian driving school left major database unprotected online
A major Brazilian driving school appears to have exposed the sensitive information of up to 400,000 individuals after failing to properly secure a cloud database.
Researchers from Cybernews claim to have found an unprotected Google Cloud Storage bucket containing information about Brazilian Learner’s Driving permits - Licença De Aprendizagem De Direção Veicular.
The learner permit is a document that the Brazilian government issues to people currently attending driving lessons, allowing them to drive a vehicle during lessons. Cybernews says the archive is most likely owned by a driving school from Sao Paulo, called Centro de Formação de Condutores Free Alda.
Still available
Most of the exposed data carries a Detran insignia - which stands for State Department of Traffic (Departamento Estadual de Trânsito).
The researchers believe that up to 400,000 individuals have had sensitive data exposed this way, including full names, photographs, postal addresses, government ID numbers, taxpayers’ numbers, details about the driving permit, including issue date and validity period, signatures, IP addresses, and user phone models. This is more than enough to run all sorts of cybercrime, from identity theft to wire fraud.
The pros think the archive was either misconfigured, or not properly secured. It is impossible to determine for how long it remained open, or if anyone accessed it before they found it. The Cybernews team says they made the discovery on June 2, and that the school was subsequently contacted by Brazil’s CERT. However, as late as September 19, the archive was still open to anyone who knew where to look.
“The exposed data could be exploited by malicious actors for identity theft, fraud, or other illegal activities. Moreover, a breach of this type can undermine public trust in governmental agencies responsible for managing and protecting sensitive personal information,” Cybernews researchers said.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro
- Mystery database containing sensitive info on 762,000 car-owners discovered by researchers
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.