3 Million Texans Exposed in TPWD Hunting License Data Breach
A cyberattack on a third-party vendor has exposed the personal information of millions of Texans who hold hunting and fishing licenses.
If you've ever bought a hunting or fishing license in Texas, there's a good chance your personal information was just compromised in a significant data breach.
The Texas Parks and Wildlife Department announced that Texas Cyber Command recently detected a breach involving a vendor that handles the sale of hunting and fishing licenses. An investigation found that an unauthorized actor may have obtained driver's license information, passport numbers if provided, email addresses, phone numbers, and residential addresses. According to a filing with the Office of the Attorney General, the attack on the unnamed vendor affected 3,087,721 Texans.
The good news, if there is any, is that the breach wasn't as bad as it could have been. TPWD confirmed that Social Security numbers, dates of birth, and financial information, including credit card details, were not obtained. The agency also said there is no evidence that customers younger than 18 were involved or that any specific group was targeted.
TPWD has not publicly named the vendor responsible. "Many of our staff are hunters and anglers and were affected by this incident," TPWD said, adding that immediate steps were taken to strengthen access controls and that additional security features will be added in the future. The department said it is working with the unnamed vendor to implement new safeguards and enhanced monitoring services, and that license sales for the August season will proceed as scheduled.
Cybersecurity analysts note that attackers are increasingly targeting third-party vendors because a single break-in can expose data on millions of people at once, a pattern that has appeared in several high-profile vendor breaches this year. Threat intelligence reporting has linked the same threat actor to a similar breach at Virginia's Department of Wildlife Resources, raising concerns that the problem may extend beyond Texas. State hunting and fishing license systems nationwide often run on a small number of shared software platforms that collect government ID data by design, meaning a vulnerability in one could potentially affect license holders across multiple states.
TPWD is encouraging customers to review their credit reports and financial statements for unauthorized activity, freeze their credit with Equifax, Experian, and TransUnion, place a free one-year fraud alert through any of the three major credit bureaus, and stay alert for phishing attempts that may use stolen personal information to impersonate companies or government officials.
Anyone impacted is eligible for a free year of credit monitoring through Kroll by calling (844) 959-7123, available Monday through Friday from 8 AM to 5:30 PM ET. The deadline to enroll is September 14. Those who are unsure whether they were affected can contact the Kroll enrollment line directly or check the Texas Parks and Wildlife Department's official website for updates.
For more articles like this, visit our Tech News page!