The massive breach of personal records of British motorists was revealed by Sun Online in a report in which the paper said hackers obtained the vast tranche of personal data after breaching a web server owned by an insurance company.
The breach reportedly took place in October and involved the theft of the personal data of British motorists who were applying for new insurance cover. Hackers are now trying to monetise the stolen data by putting it up for sale on the dark market.
The breached data includes full names, addresses, phone numbers, dates of birth, email addresses and driving licences of motorists living across the UK. Aside from monetising the stolen data, hackers could use the stolen data to commit identity fraud or to perpetrate sophisticated phishing scams.
"It looks like the data has come from a hacked insurance company web server. The hacker appears to have ongoing access to several different insurance-related servers, as he’s been claiming that he has more data like it and from more than one source," cyber expert Neil Doyle told Sun Online.
"It’s a serious leak as the details contained in the database include some confidential information such as driving licence numbers and home addresses. The information is a gold mine for criminals, as the details leave the victims exposed to attempts by criminals to scam money from the victims
"The details could be used to access bank accounts and drain them of funds, or the details could be used to create fake ID documents to open new accounts to be used for money laundering. There are many ways the information could be exploited - even expired credit cards details have value on the dark web and are bought and sold in great numbers.
"Tens of thousands of people are now being exposed and insurance firms will now need to urgently check to see if their servers have been breached," he added.
It is not uncommon for cyber criminals to target car retailers, vehicle insurance companies, or licence issuers to gain access to vast amounts of data belonging to citizens. In 2017, personal details of thousands of British motorists were exposed after hackers breached a database owned by British car parking app RingGo.
Earlier this year, The Driver and Vehicle Licensing Agency (DVLA) warned that hackers and scammers are regularly targeting British drivers with various web, email, text and social media scams with the aim of tricking motorists into handing over their money.
DVLA said reports of suspected web, email, text or social media scams rose by 20% from 1,275 in the last three months of 2018 to 1,538 reports in the same period in 2019. Scammers have been found targeting unsuspecting customers with links to services that do not exist and messages of tax refunds, all of which are fake.
"We’ve released examples of real-life scams to help motorists understand when a scam is at work. These websites and messages are designed to trick people into believing they can access services that simply don’t exist such as removing penalty points from driving licences," said DVLA chief information security officer David Pope.
"All our tax refunds are generated automatically after a motorist has told us they have sold, scrapped or transferred their vehicle to someone else so we don’t ask for anyone to get in touch with us to claim their refund. We want to protect the public and if something seems too good to be true, then it almost certainly is. The only trusted source of DVLA information is GOV.UK.
"It is also important to remember never to share images on social media that contain personal information, such as your driving licence and vehicle documents," he added.