Texas Hunting & Fishing License Breach Exposes Data of 3 Million Customers
A cybersecurity incident affecting the Texas Parks and Wildlife Department’s (TPWD) vendor-run license sales platform has exposed sensitive personal data of over 3 million hunters and anglers. The breach, detected by Texas Cyber Command, compromised driver’s license numbers, passport numbers, residential addresses, phone numbers, and email addresses though Social Security numbers, credit cards, and financial data were not accessed.
The vulnerability stems from a legacy system managed by an unnamed third-party vendor, later identified through public records as Gordon-Darby Inc. The company has operated the Texas License Connection platform (txfgsales.com) since 2013 under a $40.1 million contract awarded in 2012. The system, used by over 1,700 retail locations statewide, has remained in place for over a decade despite broader state modernization efforts, including the shift of boat registrations to the centralized TxT digital assistant.
While TPWD confirmed no minors were affected and no specific group was targeted, the exposed data particularly government-issued ID numbers paired with home addresses poses significant risks for identity fraud, phishing, and account takeovers. Experts note that such information is highly valuable for attackers, as it can bypass verification systems across multiple platforms.
TPWD is working with the vendor to implement "new safeguards and enhanced monitoring," though license sales remain unaffected for the upcoming August season. The incident underscores the risks of prolonged reliance on outdated vendor systems operating outside centralized state cybersecurity oversight. Affected individuals are advised to remain vigilant for suspicious communications referencing their personal details.
Source: https://www.gadgetreview.com/texas-parks-data-breach-exposes-over-3-million-hunters-and-anglers
Gordon-Darby, Inc. cybersecurity rating report: https://www.rankiteo.com/company/gordon-darby-inc
"id": "GOR1782837690",
"linkid": "gordon-darby-inc",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3,000,000',
'industry': 'Government',
'location': 'Texas, USA',
'name': 'Texas Parks and Wildlife Department (TPWD)',
'size': 'Large',
'type': 'Government Agency'},
{'industry': 'Technology/Software',
'name': 'Gordon-Darby Inc.',
'type': 'Vendor'}],
'customer_advisories': 'Affected individuals are advised to remain vigilant '
'for suspicious communications referencing their '
'personal details',
'data_breach': {'number_of_records_exposed': '3,000,000',
'personally_identifiable_information': 'Driver’s license '
'numbers, passport '
'numbers, residential '
'addresses, phone '
'numbers, email '
'addresses',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'description': 'A cybersecurity incident affecting the Texas Parks and '
'Wildlife Department’s (TPWD) vendor-run license sales '
'platform has exposed sensitive personal data of over 3 '
'million hunters and anglers. The breach compromised driver’s '
'license numbers, passport numbers, residential addresses, '
'phone numbers, and email addresses, though Social Security '
'numbers, credit cards, and financial data were not accessed.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': 'Driver’s license numbers, passport numbers, '
'residential addresses, phone numbers, email '
'addresses',
'identity_theft_risk': 'High',
'payment_information_risk': 'None',
'systems_affected': 'Texas License Connection platform '
'(txfgsales.com)'},
'lessons_learned': 'Risks of prolonged reliance on outdated vendor systems '
'operating outside centralized state cybersecurity '
'oversight',
'post_incident_analysis': {'corrective_actions': 'New safeguards and enhanced '
'monitoring',
'root_causes': 'Legacy system vulnerability, lack '
'of centralized cybersecurity '
'oversight'},
'recommendations': 'Modernize legacy systems, enhance vendor oversight, and '
'implement stronger monitoring',
'references': [{'source': 'Public records and news reports'}],
'response': {'communication_strategy': 'Advisories to affected individuals',
'enhanced_monitoring': 'Yes',
'remediation_measures': 'New safeguards and enhanced monitoring'},
'title': 'Texas Hunting & Fishing License Breach Exposes Data of 3 Million '
'Customers',
'type': 'Data Breach',
'vulnerability_exploited': 'Legacy system vulnerability'}