The Texas Division of Transportation (TxDOT) is warning that it suffered a data breach after a menace actor downloaded 300,000 crash data from its database.
The incident occurred on Could 12, 2025, and was attributable to a menace actor logging into the TxDOT programs utilizing compromised credentials.
“On Could 12, 2025, TxDOT recognized uncommon exercise in its Crash Data Data System (CRIS),” reads the TxDOT announcement.
“Additional investigation revealed the exercise originated from an account that was compromised and used to improperly entry and obtain practically 300,000 crash stories. TxDOT instantly disabled entry from the compromised account.”
The info which will have been uncovered in these crash data contains:
- Full names
- Bodily addresses
- Driver’s license quantity
- License plate quantity
- Automotive insurance coverage coverage quantity
- Different data, resembling sustained accidents or crash description
The publicity of this knowledge elevates the danger for social engineering, scamming, and phishing assaults for impacted people, the full variety of which has not been disclosed but.
TxDOT has began distributing data breach notifications to affected people, urging them to extend their vigilance in opposition to potential focused assaults utilizing the stolen data.
No id theft safety or credit score monitoring service protection was provided to the letter recipients, however a devoted assist line was arrange for his or her help.
It is usually beneficial that impacted people monitor their credit score stories for suspicious exercise and contemplate freezing their credit score to keep away from damages from fraud.
Within the meantime, the company assures the general public it has blocked the attacker’s unauthorized entry to the compromised account and is implementing extra security measures.
BleepingComputer has contacted the Texas Division of Transportation to study extra about the kind of assault and the way many individuals it impacted, and we’ll replace this publish after we obtain a response.
As of writing, no ransomware or extortion teams have assumed duty for this assault.
Patching used to imply complicated scripts, lengthy hours, and limitless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, cut back overhead, and deal with strategic work — no complicated scripts required.
