// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / RateForce
Breach Record

RateForce

DISCLOSED 2025-03-19 · MISCONFIG · 100,000 RECORDS EXPOSED

RateForce, a US-based auto insurance comparison site, left an Amazon S3 bucket publicly accessible, exposing over 100,000 customers' personal data and insurance documents. The exposed data included driver's licenses, vehicle registrations, claim forms, and accident reports. The misconfiguration was discovered by cybersecurity researchers and has since been secured.

The record

What we know

Disclosed
2025-03-19
Attack vector
Misconfig
Sector
Insurance
Country
US
Records exposed
100,000
Domain
rateforce.com
Data classes exposed
personal informationinsurance documentsdriver's licensesvehicle registration cardsinsurance claim formsauto insurance cardsaccident reportsphotos of vehicles
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that enforces known-good configurations would have prevented this exposure by ensuring the S3 bucket was not publicly accessible, as the misconfiguration was the sole cause.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other misconfig breaches on file

This page is the permanent ColdRecon entry for the RateForce disclosure. It updates if new public reporting emerges. All tracked breaches →

RateForce just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →