Texas breach exposes PII of 3 million hunting and fishing license customers

More than 3.1 million people may have had sensitive personal information exposed following a data security incident involving a third-party vendor used by the Texas Parks and Wildlife Department (TPWD).

Key takeaways

• The Texas Parks and Wildlife Department (TPWD) disclosed a data security incident affecting some 3.1 million customers.
• The breach occurred through a third-party vendor that manages the agency's licensing system.
• Exposed data may include driver's license numbers, passport numbers, email addresses, phone numbers, and mailing addresses.
• Social Security Numbers, financial account information, and payment card information were not affected, TPWD says.
• Affected individuals are eligible for one year of free credit monitoring and identity protection services, with enrollment open until Sept. 14, 2026.

According to the data breach notification, an unauthorized actor gained access to customer data stored by a vendor that manages the agency's licensing system. The breach affects customers who bought licenses through the system and has prompted an ongoing investigation involving Texas Cyber Command and the vendor.

What information was exposed?

TPWD says the compromised information may include:

• Driver's license numbers
• Passport numbers
• Email addresses
• Phone numbers
• Mailing addresses
• Other information provided during the license purchasing process

The agency noted that Social Security Numbers, financial account information, and payment card information were not affected.

“The investigation indicates that an unauthorized actor may have obtained driver license information, passport numbers (if provided), email addresses, phone numbers and residential addresses for more than 3 million Texas hunting and fishing license customers,” the notice reads. “Social Security numbers, dates of birth and financial information, including credit card details were not obtained from this incident. There is no evidence that customers under the age of 18 were involved or that any specific group was targeted.”

While that may come as a relief to affected individuals, driver's license and passport information can still be valuable to cybercriminals and may be used in identity theft, impersonation, and social engineering schemes.

Texas Cyber Command is currently investigating the incident alongside the affected vendor.

What should impacted individuals do?

TPWD is offering eligible individuals one year of complimentary credit monitoring and identity protection services. Affected customers who receive notification of the breach should review the enrollment information provided and take advantage of the service before the Sept. 14, 2026 enrollment deadline.

Even without immediate evidence of misuse, enrolling in monitoring services can help individuals detect suspicious activity more quickly.

Taking additional preventive steps can also help reduce the risk of fraud and identity theft. This includes:

• Monitoring your financial accounts and credit reports for signs of unauthorized activity and reporting any suspicious transactions, unfamiliar accounts or indicators of fraud to relevant financial institutions and credit bureaus immediately.
• Freezing your credit. This can be done by contacting any one of major credit bureaus (Equifax, Experian and TransUnion).
• Keeping an eye out for phishing and impersonation scams. Scammers may use stolen personal information to target you with scams. Use free tools like Bitdefender Scamio to analyze any suspicious emails, texts, or unsolicited proposals for signs of fraud, and Bitdefender Link Checker to quickly identify potentially malicious links before you click.

Data breaches involving government-issued ID can create long-term risks because driver's licenses and passports are frequently used for identity verification.

For US consumers concerned about potential identity fraud, Bitdefender Identity Theft Protection can help monitor for signs of identity theft, track suspicious activity, and provide support if personal information is misused.

Individuals who want greater visibility into their online exposure may also benefit from Bitdefender Digital Identity Protection, which helps identify where personal information has been exposed online and alerts users when new data exposures are discovered.