Hackers breached the systems of a third-party license vendor serving the Texas Parks and Wildlife Department, resulting in the theft of personal information for about 3 million individuals who purchased hunting and fishing licenses. The compromised data includes contact details and government-issued identification numbers but excludes Social Security numbers, birth dates, and financial data. The breach does not appear to have targeted any specific demographic, and license sales remain unaffected. TPWD has taken immediate steps to improve security controls and plans additional security enhancements in collaboration with the vendor. The identity of the attacker and the vendor have not been disclosed.

The breach exposed personal identifying information of approximately 3 million individuals, including email addresses, physical addresses, phone numbers, driver’s license numbers, and passport numbers. However, more sensitive data such as Social Security numbers, dates of birth, and financial information were not accessed. There is no evidence of targeting minors or specific groups. The incident could lead to increased risks of identity theft or phishing attacks for affected individuals. Operational impact on TPWD license sales was not reported.

TPWD and the affected third-party vendor have already implemented immediate measures to strengthen access controls on customer profile data. Additional security features are planned for future deployment. Affected individuals should be notified and advised to monitor for suspicious activity. Since the breach involved a third-party vendor, TPWD is working closely with them to enhance cybersecurity. No patch or direct remediation applies as this is a breach incident rather than a software vulnerability.