Back to news
Cybersecurity Alert
June 19, 2026 by EmailMeNow IT Consulting

Texas Parks & Wildlife Breach Exposes 3 Million Driver's Licenses and Passports, AG Reports

A Texas state government breach through a hunting and fishing license vendor exposed driver's license data, passport numbers, and contact details for more than 3 million people — one of the largest Texas incidents in 2026. Independent audits score tpwd.texas.gov at 74% and texas.gov at 65%.

Source: TechCrunch / Texas Attorney General

CybersecurityData BreachTexasGovernment
Texas government data breach affecting driver's licenses and passports

A data breach at a Texas state government department allowed attackers to steal driver’s license information and passport numbers for more than 3 million people, according to a notice filed with the Texas Attorney General and reported by TechCrunch on June 18, 2026.

The incident is among the largest data breaches to affect Texas this year.

Read the TechCrunch report:
https://techcrunch.com/2026/06/18/texas-government-data-breach-allowed-hackers-to-steal-3-million-drivers-licenses-and-passports/

What Texas Parks & Wildlife Reported

In a data breach notice published on the Texas Parks & Wildlife website, the department said the state’s cybersecurity unit detected a security incident involving its hunting and fishing license system vendor. The vendor handles license sales and related identity verification.

Exposed data reportedly includes:

  • Driver’s license information
  • Passport numbers
  • Email addresses
  • Phone numbers
  • Residential addresses

The department has not publicly named the vendor or confirmed whether attackers contacted the agency directly. TechCrunch’s request for comment was unanswered at publication time.

Illustration: Texan purchasing hunting license online while third-party vendor connection leaks identity data

Why This Matters

Government and vendor-chain breaches that expose government-issued ID numbers create long-tail identity theft risk. Unlike a stolen password, a driver’s license or passport number cannot simply be rotated — victims may face fraudulent account openings, tax fraud, and impersonation for years.

For Texas businesses and professionals, this reinforces three lessons we see repeatedly in OAG breach filings:

  1. Third-party vendors are part of your attack surface — even when you do not operate the breached system.
  2. High-value identity data attracts targeted phishing — expect smishing and vishing campaigns referencing Texas licenses or state agencies.
  3. Documented cybersecurity programs matter — Texas SB 2610 Safe Harbor rewards organizations that maintain written, tier-appropriate security programs.

Illustration: stolen drivers license and passport data exposed in identity theft aftermath

Post-Incident Security Posture Assessment

We ran independent EmailMeNow Cybersecurity Audits against Texas Parks & Wildlife and state portal domains on June 21, 2026:

Organization (Domain)OverallRisk Level
Texas Parks & Wildlife (tpwd.texas.gov)74%Good
State of Texas portal (texas.gov)65%High Risk

These public-facing scores do not prove how the vendor breach occurred — the hunting and fishing license system runs on a third-party vendor, not necessarily these web properties. They do illustrate the email and transport posture Texans see when interacting with state .gov sites after high-profile identity theft incidents.

Audit links:

What Affected Texans Should Do

  • Monitor financial accounts and credit reports for unauthorized activity.
  • Be skeptical of unsolicited calls, texts, or emails claiming to be from Texas Parks & Wildlife, DPS, or other state agencies.
  • Consider a fraud alert or credit freeze if you purchased a Texas hunting or fishing license and believe your data may be involved.
  • Use unique passwords and MFA on all accounts — attackers often pair leaked identity data with credential-stuffing attacks.

Illustration: Texan receiving suspicious smishing text claiming to be from state parks about license data

Vendor Risk for Every Texas Organization

If your business shares client or employee data with outside vendors — payroll, benefits, e-commerce, case management, or licensing platforms — this breach is a reminder to verify vendor security questionnaires, incident notification clauses, and least-privilege API access.


Benchmark your email and identity security posture.

Run a free audit at audit.emailmenow.com/?industry=local-government&state=texas or contact EmailMeNow IT Consulting for vendor risk review and SB 2610 documentation support.


Sources: TechCrunch — Texas government data breach · EmailMeNow audits — tpwd.texas.gov · texas.gov