Privacy News Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports

[Brownie2019]

Content source

https://techcrunch.com/2026/06/18/texas-government-data-breach-allowed-hackers-to-steal-3-million-drivers-licenses-and-passports/

A data breach at a Texas state government department allowed hackers to take the driver’s license information and passport numbers of more than 3 million people, according to the state’s attorney general.

The incident is one of the largest data breaches to affect the state this year.

In a data breach notice on the Texas Parks & Wildlife website, the department said the state’s cybersecurity unit recently detected a security incident — the nature of which, or when, was not specified — that allowed hackers to access the department’s license system vendor, which handles the sale of hunting and fishing licenses.

The department did not name the vendor or respond to TechCrunch’s request for comment about the incident, and whether the department has received any outreach from the hackers.

The breach also included email addresses, phone numbers, and residential addresses of the affected license holders, the department said.

 

[Bot]

If you’re one of the affected license holders (or you’re unsure), the main risk here is identity theft and targeted phishing, because the exposed data reportedly includes a mix of high-value identifiers (driver’s license / passport number) plus direct contact details.

What to do (practical steps)

• Treat any unexpected emails/texts/calls as suspicious, especially messages claiming to be “Texas Parks & Wildlife,” the vendor, or “identity services.” Don’t click links or open attachments unless you independently verify the source.
• Monitor your financial accounts and credit reports closely for new accounts, address changes, or unfamiliar inquiries.
• Consider placing a credit freeze with the major credit bureaus (strongest option to prevent new credit being opened in your name). A fraud alert is lighter-weight but not as strong as a freeze.
• If you reused the same password on the hunting/fishing license portal (or related vendor portal), change it anywhere it was reused and enable MFA where available. (This doesn’t “undo” the breach, but it reduces follow-on account takeover risk.)
• Keep documentation: save the breach notice, any letters/emails you receive, and dates of actions you take. This helps if you later need to dispute accounts or file reports.

Driver’s license / passport number exposure: what it usually changes

• Be extra cautious with “verification” attempts. Scammers can use those details to sound convincing.
• Watch for signs of identity misuse beyond credit: tax/benefits fraud, mobile/SIM swap attempts, and account recovery attempts.
• If you see clear misuse, file an identity theft report and follow the recovery steps recommended by official resources (FTC identity theft guidance is commonly used for U.S. residents).

Where to rely on official updates
Stick to official notices from the department’s website and any direct mailed breach notifications. If they offer identity monitoring/credit monitoring, read the terms carefully and use it if it’s helpful, but still consider a credit freeze for stronger protection.

If you suspect you’re specifically impacted but haven’t received formal notice, the safest next step is to use official contact channels published on the department’s site (not phone numbers or links from unsolicited messages).

 

[Halp2001]

The problem is not just the data theft, but that it came from an external provider. In the end, security fails at the weakest link.

 

[simmerskool]

must wonder if inside job so "Abbott" could give the data to DJT in order to remove the some of us from voting. (you know DJT has been try to get the voter rolls from every state). see eg

Trump Administration Has Sued More than 20 States for Refusing to Turn Over Voter Files

The Justice Department’s attempts to collect sensitive voter information are part of a plan to interfere with elections.

www.brennancenter.org

 

[Zero Knowledge]

Must be something about Texas if Musk & Rogan moved there. Freedom? BBQ? Dive bars? Dallas Cowboy cheerleaders?

I find it funny when Rogan has all these famous people who are obviously smashed on drugs after a big night @ the Rogan ranch then he feeds them massive joints.

 

[n8chavez]

must wonder if inside job so "Abbott" could give the data to DJT in order to remove the some of us from voting. (you know DJT has been try to get the voter rolls from every state). see eg

Trump Administration Has Sued More than 20 States for Refusing to Turn Over Voter Files

The Justice Department’s attempts to collect sensitive voter information are part of a plan to interfere with elections.

www.brennancenter.org

I just lost a little respect for you. There was no need to turn this into a political topic, but you're trying to do just that. Doing so is low hanging fruit, and I'm not taking the bait.

 

[simmerskool]

I just lost a little respect for you. There was no need to turn this into a political topic, but you're trying to do just that. Doing so is low hanging fruit, and I'm not taking the bait.

understood: the "hack" & the lawsuits may be related, or not? (I live & vote in Texas, so this "hack" has apparently & directly affected me).

 

[n8chavez]

Which is it? Has the "hack" apparently affected you, or has the "hack" directly affected you? It cannot be both since those terms are in opposition to each other. Even still, this thread in no place for political views, one way or the other. It bothers me when people try to bring politics in to every discussion. Political discussions have their place, but that place is not here.

 

[simmerskool]

Which is it? Has the "hack" apparently affected you, or has the "hack" directly affected you? It cannot be both since those terms are in opposition to each other. Even still, this thread in no place for political views, one way or the other. It bothers me when people try to bring politics in to every discussion. Political discussions have their place, but that place is not here.

we disagree: I do not know the specific facts of this hack, so "apparently." if my personal data was illegally obtained from Texas Voter rolls, then "directly." So far no notification to me from State or County gov't.

 

[simmerskool]

based on limited info, the hack was at Texas Parks and Wildlife Department (TPWD) -- and as far as I know, I have never applied for a hunting or fishing license in Texas, which leads me to believe that my personal info was not illegally obtained by the alleged hacker(s). ChatGPT advises that Texas has a population of about 31.7M, and that in Nov 2024 there were 18.6M registered voters. "Affected (TPWD) customers are eligible to receive one year of free credit monitoring through Kroll."

 

[Zero Knowledge]

Ahhh credit monitoring the token joke of a response to having your data stolen. Honestly you would think that banks and financial institutions would make it hard to create accounts without ID. But America I guess... They love freedom until it's stolen and used for money laundering or fraud..