A software misconfiguration in the Texas General Land Office’s online grant system exposed the personal data of 44,485 individuals, including names, addresses, Social Security numbers, identification numbers, banking details, medical information, and birth dates. The breach was discovered in late July 2025 when a user reported seeing other users’ data via the system’s search function. While the issue was fixed immediately, the agency remains uncertain about how long the misconfiguration was active or whether unauthorized parties accessed or exfiltrated the exposed records. This incident is part of a broader trend of data breaches affecting Texas state agencies, raising concerns over systemic vulnerabilities in government IT infrastructure. The exposed data particularly SSNs, financial details, and medical records poses significant risks of identity theft, financial fraud, and long-term reputational damage for affected individuals and the agency.
Source: https://www.kaseya.com/?post_type=post&p=24506
TPRM report: https://www.rankiteo.com/company/texas-general-land-office
"id": "tex2765827100325",
"linkid": "texas-general-land-office",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '44,485',
'industry': 'Government & Public Sector',
'location': 'Texas, USA',
'name': 'Texas General Land Office',
'type': 'Government Agency'}],
'attack_vector': 'Misconfiguration',
'data_breach': {'data_exfiltration': 'Unknown',
'number_of_records_exposed': '44,485',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers',
'Birth Dates'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['PII',
'Financial Data',
'Medical Information']},
'date_detected': '2025-07-31',
'date_resolved': '2025-07-31',
'description': 'A software misconfiguration in the Texas General Land '
"Office's online grant system exposed the personal data of "
'over 40,000 individuals. The breach was discovered in late '
"July 2025 when a user noticed they could access other users' "
'information via the search function. Exposed data includes '
'names, addresses, Social Security numbers, banking details, '
'medical information, and birth dates. The issue was fixed '
'immediately, but the duration of exposure and the number of '
'accessed records remain unknown.',
'impact': {'brand_reputation_impact': 'High (Part of a troubling string of '
'breaches in Texas state agencies)',
'data_compromised': ['Names',
'Addresses',
'Social Security Numbers',
'Identification Numbers',
'Banking Details',
'Medical Information',
'Birth Dates'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': ['Texas Integrated Grant Reporting System']},
'investigation_status': 'Ongoing (Duration of exposure and accessed records '
'unknown)',
'lessons_learned': 'Regular audits, monitoring, and strict configuration '
'management are essential to prevent similar exposures.',
'post_incident_analysis': {'corrective_actions': ['Immediate fix applied',
'No further details '
'provided'],
'root_causes': ['Software misconfiguration in the '
'grant system']},
'recommendations': ['Conduct regular security audits',
'Implement continuous monitoring',
'Enforce strict configuration management policies'],
'references': [{'source': 'Texas Attorney General’s listing of data security '
'incidents'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to Texas '
'Attorney General']},
'response': {'containment_measures': ['Immediate fix of the misconfiguration'],
'incident_response_plan_activated': 'Yes (Issue fixed '
'immediately after '
'discovery)'},
'title': 'Texas General Land Office Data Breach Due to Software '
'Misconfiguration',
'type': 'Data Breach',
'vulnerability_exploited': 'Software Misconfiguration in Online Grant System'}