A data breach at a third-party license system vendor for the Texas Parks and Wildlife Department exposed personally identifiable information for approximately 3,087,721 Texas hunting and fishing license customers. The compromised data includes driver’s license details, passport numbers, email addresses, phone numbers, and residential addresses. Social Security Numbers, dates of birth, and financial information such as credit card data were not affected. The breach was discovered by Texas Cyber Command, which initiated an investigation. TPWD is collaborating with the vendor to implement new security measures and enhanced monitoring. The exposed data could be used in phishing or social engineering attacks but there is no evidence of targeting specific groups or minors.

The breach exposed sensitive personally identifiable information of over three million individuals, which could be leveraged for phishing, impersonation, and social engineering attacks. However, critical data such as Social Security Numbers, financial information, and dates of birth were not compromised, reducing the risk of direct financial fraud. The exposure of driver’s license and passport numbers increases the risk of identity theft and targeted scams. The incident affects a large number of Texas residents who obtained hunting and fishing licenses through the vendor.

TPWD is working closely with the affected license system vendor to implement new safeguards and enhanced monitoring services. Impacted individuals are eligible for one year of free credit monitoring. Customers are advised to monitor their credit reports and financial statements, consider placing credit freezes or fraud alerts with major credit bureaus, and remain vigilant against phishing and impersonation scams. No official patch or fix applies as this is a data breach involving a third-party vendor system rather than a software vulnerability.