The Texas Parks and Wildlife Department (TPWD) has disclosed a data breach affecting a third-party licensing system vendor that exposed personal information belonging to more than three million individuals. The incident was identified after the Texas Cyber Command detected unauthorized access and launched an investigation into the scope and impact of the intrusion.
According to the agency, the breach did not involve Social Security numbers, financial data, or credit card information. However, attackers may have accessed a wide range of personally identifiable information linked to 3,087,721 hunting and fishing license holders, including driver’s license details, passport numbers, email addresses, phone numbers, and residential addresses.
TPWD warned that while no evidence suggests minors or specific groups were targeted, the exposed dataset is sufficient to support phishing, impersonation, and social engineering campaigns. Such information could be used to craft convincing scams designed to trick victims into revealing more sensitive data or installing malicious software.
The agency, which manages Texas wildlife, conservation efforts, and recreational licensing programs, said it is working with its vendor to strengthen security controls and monitoring. Affected individuals are being offered one year of free credit monitoring and are urged to consider placing fraud alerts or credit freezes, while remaining vigilant against potential phishing attempts impersonating official state services.
