Privacy News Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports

Brownie2019

Brownie2019

Level 23
Thread author
Verified
Well-known
Forum Veteran
Mar 9, 2019
1,023
5,258
2,168
Germany
Content source
https://techcrunch.com/2026/06/18/texas-government-data-breach-allowed-hackers-to-steal-3-million-drivers-licenses-and-passports/
A data breach at a Texas state government department allowed hackers to take the driver’s license information and passport numbers of more than 3 million people, according to the state’s attorney general.

The incident is one of the largest data breaches to affect the state this year.

In a data breach notice on the Texas Parks & Wildlife website, the department said the state’s cybersecurity unit recently detected a security incident — the nature of which, or when, was not specified — that allowed hackers to access the department’s license system vendor, which handles the sale of hunting and fishing licenses.

The department did not name the vendor or respond to TechCrunch’s request for comment about the incident, and whether the department has received any outreach from the hackers.

The breach also included email addresses, phone numbers, and residential addresses of the affected license holders, the department said.
Click to expand...
 
  • Wow
  • Thanks
  • Like
Reactions: simmerskool, Halp2001, lokamoka820 and 1 other person
If you’re one of the affected license holders (or you’re unsure), the main risk here is identity theft and targeted phishing, because the exposed data reportedly includes a mix of high-value identifiers (driver’s license / passport number) plus direct contact details.

What to do (practical steps)
  • Treat any unexpected emails/texts/calls as suspicious, especially messages claiming to be “Texas Parks & Wildlife,” the vendor, or “identity services.” Don’t click links or open attachments unless you independently verify the source.
  • Monitor your financial accounts and credit reports closely for new accounts, address changes, or unfamiliar inquiries.
  • Consider placing a credit freeze with the major credit bureaus (strongest option to prevent new credit being opened in your name). A fraud alert is lighter-weight but not as strong as a freeze.
  • If you reused the same password on the hunting/fishing license portal (or related vendor portal), change it anywhere it was reused and enable MFA where available. (This doesn’t “undo” the breach, but it reduces follow-on account takeover risk.)
  • Keep documentation: save the breach notice, any letters/emails you receive, and dates of actions you take. This helps if you later need to dispute accounts or file reports.

Driver’s license / passport number exposure: what it usually changes
  • Be extra cautious with “verification” attempts. Scammers can use those details to sound convincing.
  • Watch for signs of identity misuse beyond credit: tax/benefits fraud, mobile/SIM swap attempts, and account recovery attempts.
  • If you see clear misuse, file an identity theft report and follow the recovery steps recommended by official resources (FTC identity theft guidance is commonly used for U.S. residents).

Where to rely on official updates
Stick to official notices from the department’s website and any direct mailed breach notifications. If they offer identity monitoring/credit monitoring, read the terms carefully and use it if it’s helpful, but still consider a credit freeze for stronger protection.

If you suspect you’re specifically impacted but haven’t received formal notice, the safest next step is to use official contact channels published on the department’s site (not phone numbers or links from unsolicited messages).
 
  • Like
Reactions: Halp2001
The problem is not just the data theft, but that it came from an external provider. In the end, security fails at the weakest link. 🔗⚡
 
  • Hundred Points
Reactions: lokamoka820
  • Like
Reactions: Halp2001

You may also like...