The Texas Department of Transportation (TxDOT) suffered a cyberattack in which a threat actor used compromised credentials to access its systems. Nearly 300,000 crash reports were accessed and downloaded, exposing sensitive personal information including full names, postal addresses, driver’s license numbers, license plate numbers, car insurance policy numbers, and other details such as sustained injuries or crash descriptions. TxDOT immediately disabled the compromised account and notified affected individuals, warning them about potential phishing and social engineering attacks. The agency also mentioned implementing additional security measures to prevent future incidents.
TPRM report: https://scoringcyber.rankiteo.com/company/texas-department-of-transportation
{
  "id": "tex605061125",
  "linkid": "texas-department-of-transportation",
  "type": "Breach",
  "date": "6/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Nearly 300,000',
                        'industry': 'Public Administration',
                        'location': 'Texas, USA',
                        'name': 'Texas Department of Transportation (TxDOT)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Compromised Credentials',
 'customer_advisories': 'Warned to be wary of potential phishing and social '
                        'engineering attacks',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 'Nearly 300,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full names',
                                              'Postal addresses',
                                              'Driver’s license numbers',
                                              'License plate numbers',
                                              'Car insurance policy numbers',
                                              'Crash descriptions',
                                              'Injury details']},
 'description': 'The Texas Department of Transportation (TxDOT) suffered a '
                'cyberattack leading to the exposure of sensitive personal '
                'records.',
 'impact': {'data_compromised': ['Full names',
                                 'Postal addresses',
                                 'Driver’s license numbers',
                                 'License plate numbers',
                                 'Car insurance policy numbers',
                                 'Crash descriptions',
                                 'Injury details'],
            'identity_theft_risk': 'High',
            'systems_affected': 'Crash Records Information System (CRIS)'},
 'initial_access_broker': {'entry_point': 'Compromised government account'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': ['Disabled access from the '
                                                   'compromised account',
                                                   'Implemented additional '
                                                   'security measures for '
                                                   'accounts'],
                            'root_causes': 'Compromised credentials'},
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Notified affected individuals',
              'containment_measures': 'Disabled access from the compromised '
                                      'account',
              'remediation_measures': ['Implemented additional security '
                                       'measures for accounts']},
 'title': 'Texas Department of Transportation Cyberattack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Compromised government account'}