The breach took place on September 27, 2013 and was discovered on April 2, 2014. It turns out that someone goofed during a system upgrade and the system was made publicly accessible. The data was accessible to anyone who could enter a search into Google, Bing or what have you. This should not have been designed in this matter. At no point should this data have ever been passed over FTP. My next question would be, Was the data even encrypted? Waiting to hear back on that point but, bearing in mind the first point I’ll guess the answer is no.”]
Source: https://www.csoonline.com/article/2364469/safetyfirst-driver-safety-firm-ftp-server-compromised.html