A data breach at a Texas state government department allowed hackers to steal the driver’s license information and passport numbers of more than 3 million people, according to the state’s attorney general (TechCrunch, June 18). The incident is one of the largest data breaches to affect the state this year.
### What Happened
The Texas Parks & Wildlife Department disclosed the breach in a data security notice on its website. The state’s cybersecurity unit detected a security incident that gave hackers access to the department’s license system vendor, a third-party company that processes sales of hunting and fishing licenses.
The department did not name the vendor and did not respond to TechCrunch’s request for comment about whether the hackers have contacted the agency. The exact nature of the incident and when it occurred were also not specified.
Beyond driver’s licenses and passport numbers, the breach exposed email addresses, phone numbers, and residential addresses of affected license holders (SC Media, June 18).
### Why It Matters
Government-issued ID documents are among the most valuable targets for identity theft. A driver’s license number combined with a passport number, email, phone number, and home address gives attackers everything needed to commit financial fraud, open accounts, or conduct social engineering attacks against the 3 million affected individuals.
The breach also highlights a recurring vulnerability pattern in state government IT systems: third-party vendors with access to sensitive data that operate with insufficient security oversight. The Texas Parks & Wildlife Department’s license system vendor is unnamed and its security practices are unknown to the public.
### Broader Context
The Texas breach arrives in a year already marked by significant government and enterprise security incidents. TechCrunch recently catalogued the worst breaches of 2026 so far, noting a pattern of attackers targeting government systems for personally identifiable information at scale (TechCrunch, June 7).
State investigators say the probe into the incident is ongoing. Officials say steps are being taken to mitigate the impact on those affected, though no specific remediation measures have been announced.
Sources: TechCrunch (June 18); SC Media (June 18); Texas Parks & Wildlife data breach notice