Exposure of Motor Vehicle Registration Data via Auto Insurance Quotes

An interesting item that we ran into recently: most US-based auto insurance companies bulk-purchase vehicle registration and driver records from state motor vehicle departments. This information is used for two separate purposes:

  • To adjust rates based on accident history, both for the state as whole and individual policy holders
  • For marketing purposes – either to proactively send marketing materials/ads, OR to make quotes easier.

The second item is interesting since it exposes vehicle registration information via web portals and mobile apps. This can be obtained by a malicious attacker by going through the online or mobile auto insurance quote process. Not clear how sensitive/private such data is or the legal implications of obtaining it this way.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.