Texas Department of Transportation (TxDOT)

A compromised account within the Texas Department of Transportation (TxDOT) led to unauthorized access and improper downloads of nearly 300,000 crash records from its Crash Records Information System (CRIS). The breach, detected on May 12, 2025, exposed sensitive personal information, including full names, addresses, driver’s license numbers, license plate numbers, and car insurance policy details. While legal notification was not mandatory, TxDOT proactively alerted affected individuals via mail and set up a dedicated helpline for assistance.The incident prompted TxDOT to disable the compromised account immediately and enhance security measures to prevent future breaches. The investigation remains ongoing, but the scale of the data exposure affecting hundreds of thousands of individuals highlights significant risks to privacy, identity theft, and potential fraud. The breach underscores vulnerabilities in government-held sensitive data, particularly in systems managing critical public records.

Source: https://www.txdot.gov/about/newsroom/statewide/account-compromise-leads-to-crash-records-data-breach.html

TPRM report: https://www.rankiteo.com/company/texas-department-of-transportation

"id": "tex927090225",
"linkid": "texas-department-of-transportation",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Approximately 300,000 '
                                              'individuals (crash report '
                                              'records accessed)',
                        'industry': 'Transportation',
                        'location': 'Austin, Texas, USA',
                        'name': 'Texas Department of Transportation (TxDOT)',
                        'type': 'Government Agency'}],
 'attack_vector': 'Compromised Account',
 'customer_advisories': 'Individuals notified via letter with instructions to '
                        'call 1-833-918-5951 (toll-free, Mon-Fri 8 a.m. – 8 '
                        'p.m. CT, excluding U.S. holidays) and provide the '
                        'engagement number from the letter.',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Crash reports'],
                 'number_of_records_exposed': '300,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes driver license '
                                        'numbers, insurance details, and other '
                                        'PII)',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Crash records']},
 'date_detected': '2025-05-12',
 'description': 'A compromise of an account led to improper downloads of '
                'nearly 300,000 crash records from the Texas Department of '
                "Transportation's (TxDOT) Crash Records Information System "
                '(CRIS). The incident was identified on May 12, 2025, and the '
                'compromised account was immediately disabled. Personal '
                'information in the crash records may include names, '
                'addresses, driver license numbers, license plate numbers, and '
                'car insurance policy numbers. TxDOT is notifying affected '
                'individuals and implementing additional security measures.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'proactive public notification',
            'data_compromised': ['First and last name',
                                 'Mailing/physical address',
                                 'Driver license number',
                                 'License plate number',
                                 'Car insurance policy number'],
            'identity_theft_risk': 'High (due to exposure of PII such as '
                                   'driver license numbers and insurance '
                                   'details)',
            'systems_affected': ['Crash Records Information System (CRIS)']},
 'initial_access_broker': {'high_value_targets': ['Crash Records Information '
                                                  'System (CRIS)']},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': ['Implementing additional '
                                                   'security measures for '
                                                   'accounts']},
 'references': [{'source': 'TxDOT Public Advisory'}],
 'regulatory_compliance': {'regulatory_notifications': 'Notification not '
                                                       'legally required but '
                                                       'proactively conducted'},
 'response': {'communication_strategy': ['Proactive public notification via '
                                         'letters to affected individuals',
                                         'Dedicated toll-free assistance line '
                                         '(1-833-918-5951)'],
              'containment_measures': ['Disabled access from the compromised '
                                       'account'],
              'enhanced_monitoring': ['Implementing additional security '
                                      'measures for accounts'],
              'incident_response_plan_activated': True},
 'stakeholder_advisories': ['Public notification letters',
                            'Dedicated assistance line for affected '
                            'individuals'],
 'title': 'TxDOT Crash Records Information System (CRIS) Account Compromise '
          'and Data Breach',
 'type': 'Data Breach / Unauthorized Access'}