The Texas Division of Transportation (TxDOT) is warning that it suffered a knowledge breach after a risk actor downloaded 300,000 crash data from its database.
The incident occurred on Could 12, 2025, and was attributable to a risk actor logging into the TxDOT techniques utilizing compromised credentials.
“On Could 12, 2025, TxDOT recognized uncommon exercise in its Crash Data Data System (CRIS),” reads the TxDOT announcement.
“Additional investigation revealed the exercise originated from an account that was compromised and used to improperly entry and obtain almost 300,000 crash studies. TxDOT instantly disabled entry from the compromised account.”
The information that will have been uncovered in these crash data consists of:
- Full names
- Bodily addresses
- Driver’s license quantity
- License plate quantity
- Automotive insurance coverage coverage quantity
- Different data, resembling sustained accidents or crash description
The publicity of this information elevates the chance for social engineering, scamming, and phishing assaults for impacted people, the full variety of which has not been disclosed but.
TxDOT has began distributing information breach notifications to affected people, urging them to extend their vigilance in opposition to potential focused assaults utilizing the stolen data.
No id theft safety or credit score monitoring service protection was supplied to the letter recipients, however a devoted assist line was arrange for his or her help.
It’s also beneficial that impacted people monitor their credit score studies for suspicious exercise and think about freezing their credit score to keep away from damages from fraud.
Within the meantime, the company assures the general public it has blocked the attacker’s unauthorized entry to the compromised account and is implementing extra safety measures.
BleepingComputer has contacted the Texas Division of Transportation to study extra about the kind of assault and the way many individuals it impacted, and we’ll replace this submit after we obtain a response.
As of writing, no ransomware or extortion teams have assumed accountability for this assault.
Patching used to imply advanced scripts, lengthy hours, and countless hearth drills. Not anymore.
On this new information, Tines breaks down how trendy IT orgs are leveling up with automation. Patch quicker, scale back overhead, and deal with strategic work — no advanced scripts required.
