The Texas Division of Transportation (TxDOT) is warning that it suffered an information breach after a risk actor downloaded 300,000 crash information from its database.
The incident occurred on Might 12, 2025, and was attributable to a risk actor logging into the TxDOT programs utilizing compromised credentials.
“On Might 12, 2025, TxDOT recognized uncommon exercise in its Crash Information Info System (CRIS),” reads the TxDOT announcement.
“Additional investigation revealed the exercise originated from an account that was compromised and used to improperly entry and obtain practically 300,000 crash experiences. TxDOT instantly disabled entry from the compromised account.”
The information which will have been uncovered in these crash information contains:
- Full names
- Bodily addresses
- Driver’s license quantity
- License plate quantity
- Automotive insurance coverage coverage quantity
- Different info, corresponding to sustained accidents or crash description
The publicity of this knowledge elevates the chance for social engineering, scamming, and phishing assaults for impacted people, the whole variety of which has not been disclosed but.
TxDOT has began distributing knowledge breach notifications to affected people, urging them to extend their vigilance towards potential focused assaults utilizing the stolen info.
No id theft safety or credit score monitoring service protection was provided to the letter recipients, however a devoted help line was arrange for his or her help.
Additionally it is beneficial that impacted people monitor their credit score experiences for suspicious exercise and think about freezing their credit score to keep away from damages from fraud.
Within the meantime, the company assures the general public it has blocked the attacker’s unauthorized entry to the compromised account and is implementing extra safety measures.
BleepingComputer has contacted the Texas Division of Transportation to be taught extra about the kind of assault and the way many individuals it impacted, and we are going to replace this publish after we obtain a response.
As of writing, no ransomware or extortion teams have assumed accountability for this assault.
Patching used to imply advanced scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch sooner, scale back overhead, and give attention to strategic work — no advanced scripts required.
