Recommended reading

Texas government reports 300,000 plus crash records stolen in cyberattack

News
By published

Names, addresses, and more - stolen in a smash and grab attack

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website
(Image credit: sarayut Thaneerat/ via Getty Images)
  • The Texas Department of Transportation confirmed suffering a cyberattack
  • A threat actor used compromised credentials to access the system
  • Hundreds of thousands of names, addresses, and PII, were exposed

The Texas Department of Transportation (TxDOT), a government agency responsible for overseeing the construction, maintenance, and operation of the state's transportation system, suffered a cyberattack and lost sensitive personal records.

The agency confirmed the news in a brief notification published on its website earlier this week.

According to the announcement, a threat actor used a compromised government account to access TxDOT’s systems. After spotting “unusual activity” in the Crash Records Information System (CRIS), the agency investigated further, and found that the attacker accessed, and downloaded, nearly 300,000 crash reports.

The data stolen in the breach includes full names, postal addresses, driver’s license numbers, license plate numbers, car insurance policy numbers, and other information (such as sustained injuries or crash description).

GTA, Minecraft, CoD, Sims all hit

TxDOT said it immediately disabled access from the compromised account, and notified affected individuals. They have been warned to be wary of potential phishing and social engineering attacks, themed around car crashes. It also said it was implementing “additional security measures for accounts” to prevent similar incidents in the future, but did not detail what these measures are.

This type of information is quite useful for cybercriminals. They can use it to send personalized phishing emails, themed around something the victim is familiar with and has interacted with in the past. Such phishing attacks are more successful than random, generic ones, and can lead to identity theft, wire fraud, malware attacks, or even ransomware.

Government agencies are a popular target, mostly since they often hold sensitive citizen information. In early April 2025, Florida Department of State suffered a data breach that may have exposed information of 500,000 people, and in August 2024, National Public Data confirmed it was hit by data breach — and that millions of users were at risk.

At press time, no threat actors claimed responsibility for this attack.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.