Texas Parks and Wildlife Data Breach Exposes Personal Information of 3 Million License Holders
Texas Parks and Wildlife (TPWD) has notified over 3 million individuals that their personal data may have been compromised in a cybersecurity incident linked to the third-party vendor managing the state’s hunting and fishing license sales system. The breach was detected by Texas Cyber Command, which identified unauthorized access to customer profile information.
Exposed data includes driver’s license details, passport numbers (for those who provided them), email addresses, phone numbers, and home addresses. However, Social Security numbers, birth dates, and financial information such as payment card details were not affected. TPWD confirmed that minors and specific demographic groups were not targeted, and no evidence suggests the breach was selective.
In response, TPWD has strengthened data access protections and is collaborating with the vendor to implement additional security measures and monitoring. License sales remain unaffected, with operations continuing as planned for August and the upcoming license year.
Affected individuals are eligible for a year of free identity monitoring through Kroll, with enrollment available until September 14. A dedicated support line (844) 959-7123 operates Monday through Friday, 8 a.m. to 5:30 p.m. CT. TPWD has also advised impacted customers to monitor credit reports, consider fraud alerts or credit freezes, and remain vigilant against potential scams.
Third-party vendor managing Texas hunting and fishing license sales system TPRM report: https://www.rankiteo.com/company/payitgov
Texas Parks and Wildlife TPRM report: https://www.rankiteo.com/company/texas-parks-and-wildlife-ctr
"id": "paytex1782146978",
"linkid": "payitgov, texas-parks-and-wildlife-ctr",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3 million',
'industry': 'Government (Parks and Wildlife)',
'location': 'Texas, USA',
'name': 'Texas Parks and Wildlife (TPWD)',
'type': 'Government Agency'}],
'attack_vector': 'Third-party vendor compromise',
'customer_advisories': 'Affected individuals advised to enroll in free '
'identity monitoring through Kroll, monitor credit '
'reports, and consider fraud alerts or credit freezes',
'data_breach': {'number_of_records_exposed': '3 million',
'personally_identifiable_information': 'Driver’s license '
'details, passport '
'numbers, email '
'addresses, phone '
'numbers, home '
'addresses',
'sensitivity_of_data': 'High (driver’s license, passport '
'numbers, contact details)',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'description': 'Texas Parks and Wildlife (TPWD) has notified over 3 million '
'individuals that their personal data may have been '
'compromised in a cybersecurity incident linked to the '
'third-party vendor managing the state’s hunting and fishing '
'license sales system. The breach was detected by Texas Cyber '
'Command, which identified unauthorized access to customer '
'profile information. Exposed data includes driver’s license '
'details, passport numbers, email addresses, phone numbers, '
'and home addresses. Social Security numbers, birth dates, and '
'financial information such as payment card details were not '
'affected. TPWD confirmed that minors and specific demographic '
'groups were not targeted, and no evidence suggests the breach '
'was selective.',
'impact': {'data_compromised': 'Driver’s license details, passport numbers, '
'email addresses, phone numbers, home '
'addresses',
'identity_theft_risk': 'High (due to exposed PII)',
'operational_impact': 'License sales remain unaffected',
'payment_information_risk': 'None (payment card details not '
'affected)',
'systems_affected': 'Hunting and fishing license sales system'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Strengthened data access '
'protections, additional '
'security measures and '
'monitoring',
'root_causes': 'Third-party vendor compromise'},
'recommendations': 'Monitor credit reports, consider fraud alerts or credit '
'freezes, remain vigilant against potential scams',
'references': [{'source': 'Texas Parks and Wildlife Notification'}],
'response': {'communication_strategy': 'Notification to affected individuals, '
'dedicated support line, advisories on '
'credit monitoring and fraud alerts',
'containment_measures': 'Strengthened data access protections',
'enhanced_monitoring': 'Yes',
'remediation_measures': 'Additional security measures and '
'monitoring implemented in collaboration '
'with the vendor',
'third_party_assistance': 'Kroll (identity monitoring)'},
'title': 'Texas Parks and Wildlife Data Breach Exposes Personal Information '
'of 3 Million License Holders',
'type': 'Data Breach'}