Texas Parks and Wildlife Department Suffers Major Data Breach Affecting Over 3 Million
A cyberattack on the Texas Parks and Wildlife Department (TPWD) has exposed the personal data of over 3 million Texans, marking one of the state’s largest breaches of the year. The incident, disclosed via the Texas attorney general’s website, compromised sensitive information, including names, addresses, driver’s license numbers, passport details, and government-issued IDs.
According to TPWD’s statement, the breach originated from a third-party vendor handling hunting and fishing license sales. While Social Security numbers, birth dates, and financial data such as credit card details were reportedly unaffected, the exposed records include email addresses, phone numbers, and residential addresses. The department confirmed that no minors or specific groups were targeted, and there is no evidence of further misuse.
TPWD’s investigation, led by Texas Cyber Command, revealed that the unauthorized access occurred through the vendor’s system. In response, the department has implemented additional security measures and monitoring services. License sales remain operational for August and the upcoming license year.
Neither TPWD nor the attorney general’s office disclosed the identity of the threat actor or the attack vector. The department emphasized its commitment to strengthening safeguards to prevent future incidents.
Source: https://www.cyberdaily.au/security/13776-3m-impacted-in-texas-gov-department-cyber-attack
Texas Parks and Wildlife Department cybersecurity rating report: https://www.rankiteo.com/company/txparkswildlife
PayIt cybersecurity rating report: https://www.rankiteo.com/company/payitgov
"id": "TXPPAY1781850513",
"linkid": "txparkswildlife, payitgov",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3,000,000+',
'industry': 'Public Sector / Wildlife and Parks',
'location': 'Texas, USA',
'name': 'Texas Parks and Wildlife Department',
'type': 'Government Agency'}],
'customer_advisories': 'Department statement confirming no evidence of '
'further misuse and commitment to strengthening '
'safeguards',
'data_breach': {'number_of_records_exposed': '3,000,000+',
'personally_identifiable_information': 'Names, addresses, '
'driver’s license '
'numbers, passport '
'details, '
'government-issued '
'IDs, email addresses, '
'phone numbers',
'sensitivity_of_data': 'High (driver’s license numbers, '
'passport details, government-issued '
'IDs)',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII)'},
'description': 'A cyberattack on the Texas Parks and Wildlife Department '
'(TPWD) has exposed the personal data of over 3 million '
'Texans, marking one of the state’s largest breaches of the '
'year. The incident compromised sensitive information, '
'including names, addresses, driver’s license numbers, '
'passport details, and government-issued IDs. The breach '
'originated from a third-party vendor handling hunting and '
'fishing license sales.',
'impact': {'data_compromised': 'Personal data of over 3 million Texans, '
'including names, addresses, driver’s license '
'numbers, passport details, government-issued '
'IDs, email addresses, and phone numbers',
'identity_theft_risk': 'High',
'operational_impact': 'License sales remain operational',
'payment_information_risk': 'None (credit card details unaffected)',
'systems_affected': 'Third-party vendor handling hunting and '
'fishing license sales'},
'initial_access_broker': {'entry_point': 'Third-party vendor system'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Additional security '
'measures and monitoring '
'services implemented',
'root_causes': 'Unauthorized access through '
'third-party vendor’s system'},
'references': [{'source': 'Texas Attorney General’s website'}],
'regulatory_compliance': {'regulatory_notifications': 'Disclosed via Texas '
'attorney general’s '
'website'},
'response': {'communication_strategy': 'Disclosure via Texas attorney '
'general’s website and department '
'statement',
'containment_measures': 'Additional security measures and '
'monitoring services implemented',
'enhanced_monitoring': 'Yes',
'third_party_assistance': 'Texas Cyber Command'},
'title': 'Texas Parks and Wildlife Department Suffers Major Data Breach '
'Affecting Over 3 Million',
'type': 'Data Breach'}