Hackers compromised an account at the Texas Department of Transportation (TxDOT), gaining access to the Crash Records Information System (CRIS) and downloading almost 300,000 crash reports. The breached data includes names, addresses, driver’s license numbers, license plate numbers, car insurance policy numbers, details of injuries sustained during crashes, and narratives of the incidents. Texas officials decided to notify impacted individuals despite no legal requirement to do so. They also created a dedicated call line for victims.
Source: https://therecord.media/car-crash-records-stolen-texas-transportation-department
TPRM report: https://scoringcyber.rankiteo.com/company/texas-department-of-transportation
"id": "tex001061025",
"linkid": "texas-department-of-transportation",
"type": "Breach",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 300000,
'industry': 'Transportation',
'location': 'Texas, USA',
'name': 'Texas Department of Transportation (TxDOT)',
'type': 'Government Agency'},
{'customers_affected': 933,
'industry': 'Healthcare',
'location': 'Illinois, USA',
'name': 'Illinois Department of Healthcare and Family '
'Services (HFS)',
'type': 'Government Agency'}],
'attack_vector': ['Compromised Account', 'Phishing'],
'customer_advisories': ['Letters to impacted individuals',
'Dedicated call line for victims'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': [300000, 933],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Crash Reports',
'Personal Information',
'Social Security Numbers',
"Driver's Licenses",
'State ID Cards',
'Financial Information']},
'date_detected': ['2023-05-12'],
'description': 'State agencies in Texas and Illinois released warnings about '
'data breaches affecting the sensitive information of '
'thousands of people.',
'impact': {'data_compromised': ['Crash Reports',
'Personal Information',
'Social Security Numbers',
"Driver's Licenses",
'State ID Cards',
'Financial Information'],
'systems_affected': ['Crash Records Information System (CRIS)',
'Employee Email Accounts']},
'initial_access_broker': {'entry_point': ['Compromised Account',
'Phishing Email']},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': ['Compromised Account',
'Phishing Email']},
'response': {'communication_strategy': ['Letters to impacted individuals',
'Dedicated call line for victims'],
'containment_measures': ['Shut down compromised account']},
'title': 'Data Breaches in Texas and Illinois State Agencies',
'type': ['Data Breach', 'Phishing'],
'vulnerability_exploited': ['Unauthorized Access', 'Phishing Email']}