The Texas Parks and Wildlife Department (TPWD) has disclosed a cybersecurity incident affecting its hunting and fishing license system vendor, potentially exposing the personal information of more than 3 million people.
The incident was identified by the Texas Cyber Command, which recently detected unauthorized access involving the third-party vendor responsible for processing hunting and fishing license sales for TPWD. An investigation into the intrusion found that an unauthorized actor may have obtained customer records containing driver's license information, passport numbers when provided, email addresses, phone numbers, and residential addresses.
TPWD stated that there is currently no evidence that individuals under the age of 18 were affected by the incident, nor is there any indication that a specific group of customers was targeted. The agency has not disclosed the name of the affected vendor, how the attackers gained access to the system, or when the intrusion occurred.
The Texas Parks and Wildlife Department manages the state's natural and recreational resources, including hunting, fishing, wildlife conservation, and state parks. Each year, millions of Texans purchase hunting and fishing licenses through systems operated on the agency's behalf.
While the compromised dataset does not include financial information or Social Security numbers, the exposed records are still highly sensitive. Driver's license details, passport numbers, contact information, and residential addresses can be used in identity-verification scams, phishing campaigns, social-engineering attacks, and other forms of fraud.
TPWD acknowledged the seriousness of the incident and said it has already implemented additional security measures to better protect customer information. According to the agency, immediate actions were taken to strengthen access controls governing customer profile data, while further security enhancements and monitoring capabilities are planned.
The department also noted that many of its own employees, including staff who are hunters and anglers, were affected by the breach. TPWD said it continues to work with the vendor to deploy stronger safeguards to prevent similar incidents in the future.
Despite the security incident, the agency confirmed that hunting and fishing license sales will continue as scheduled for the upcoming August sales period and the next licensing year.
Affected individuals are being offered one year of complimentary credit monitoring and identity protection services through Kroll. Customers can verify their eligibility for the service by contacting the dedicated assistance line at (844) 959-7123. Enrollment in the free monitoring program is available until September 14, 2026.
TPWD is advising customers to remain vigilant for signs of fraud or identity theft, to review financial statements and credit reports for suspicious activity, to place a security freeze on credit files with Equifax, Experian, and TransUnion, and to enable fraud alerts where appropriate. The agency also warned that attackers may attempt to exploit the exposed information in phishing and impersonation schemes, urging customers to verify the legitimacy of communications before clicking links or sharing personal information.
Leave a Reply