The Texas Parks and Wildlife Department said a breach at its license system vendor exposed personal information tied to 3,087,721 Texas hunting and fishing license customers. The incident was discovered by the Texas Cyber Command, and the agency said Social Security numbers, dates of birth and financial information were not affected.
KEY FACTS
- Scope Personal data linked to 3,087,721 customers may have been exposed.
- Data types The disclosure said driver’s license information, passport numbers, email addresses, phone numbers and residential addresses were involved.
- Not impacted Social Security numbers, dates of birth and credit card data were not affected.
- Response The agency is working with the vendor on new safeguards and enhanced monitoring.
The incident involved the state agency’s license system vendor, which handles hunting and fishing licenses and permits sold through an outside provider. TPWD said it has not identified evidence that customers under 18 were involved or that any specific group was targeted.
The data breach notification said the exposed information could be used in phishing and social engineering attacks. BleepingComputer said it had contacted TPWD for more information, including the name of the third-party service provider, but had not received a statement.
Impacted individuals are eligible for one year of free credit monitoring, and the agency advised them to review credit reports and financial statements. It also recommended credit freezes or fraud alerts with major bureaus and warned people to watch for impersonation scams.
WHY IT MATTERS
The exposed data is enough for criminals to build convincing phishing messages and identity theft attempts. Even without Social Security numbers or financial data, the breach raises the risk of scams aimed at affected customers.