.png){kind=logo}
The Texas Parks and Wildlife Department has reported a major data breach involving more than 3 million customers. The incident affected a vendor system used to sell hunting and fishing licenses across the state.
Officials said an unauthorized user ‘may have obtained’ driver’s license details, passport numbers and contact information. Texas Cyber Command detected the security incident and informed the department.
The breach occurred through a third-party vendor that manages license sales for the Texas Parks and Wildlife Department. The department has not identified the company that operates the system. It also has not stated when the unauthorized access started or how long it lasted.
According to the department, the attacker ‘may have’ accessed personal information linked to more than 3 million license holders. The exposed records included driver’s license information, passport numbers, email addresses, phone numbers and home addresses. The language used in the notice shows that officials have not publicly confirmed whether the attacker viewed or downloaded every affected record.
The incident ranks among the largest Texas government data breaches reported this year. The compromised system serves hunters and anglers who purchase state licenses. Many department employees also use the platform and were among those affected.
Texas requires most people who hunt animals, birds, frogs or turtles to hold a valid hunting license. Revenue from hunting and fishing permits supports wildlife management, fish stocking, habitat work and public recreational programs.
The Texas Parks and Wildlife Department said Social Security numbers were not exposed. Dates of birth and financial information also remained outside the accessed data. Officials found no evidence that the breach affected information belonging to minors.
The department also said investigators found no proof that the hacker targeted a particular group. Still, the exposed driver’s license and passport details could contain information that customers use to confirm their identity. Email addresses, phone numbers and home addresses were also included in the affected records.
Officials have not disclosed the identity of the attacker or explained the method used to enter the vendor’s system. The department has also not said whether anyone demanded money or contacted state officials after the incident.
Texas Cyber Command detected the attack. State lawmakers created the unit in 2025 to help government agencies identify and respond to cyber threats. The command worked with the department after discovering the unauthorized activity.
The Texas Parks and Wildlife Department said it is working with the license vendor to strengthen system security. Officials have added more protection options and expanded monitoring services following the breach.
“We recognize the seriousness of this issue and have identified and implemented additional security options to better protect customer information,” the department said. It added that many staff members are hunters and anglers who were also affected.
The agency said it would keep working with the vendor to introduce stronger safeguards and reduce the risk of another breach. It has not provided details about the new controls or confirmed whether an outside cybersecurity company is investigating the incident.
Affected customers can receive one year of free credit monitoring and identity protection services through Kroll. Eligible people can enroll by calling 844-959-7123. The enrollment deadline is September 14, 2026.
Customers should review official notices carefully and watch for unexpected messages that request personal information. The department has not reported evidence that the stolen records have been publicly released or used for fraud.
Also Read: Kali365 Phishing Attack Bypasses Microsoft 365 MFA Using Real Login Pages, No Fake Site Needed
