The Texas Parks and Wildlife Department (TPWD) has disclosed a data breach affecting roughly 3 million individuals.
TPWD is a state agency responsible for conserving Texas’s natural resources, managing wildlife and state parks, and overseeing hunting and fishing programs.
The organization learned from the Texas Cyber Command that a third-party vendor responsible for selling hunting and fishing licenses had suffered a cybersecurity incident.
According to TPWD, the hackers may have stolen the information of more than 3 million individuals who acquired hunting and fishing licenses, including email addresses, physical addresses, phone numbers, driver’s license information, and passport numbers.
“Social Security numbers, dates of birth and financial information, including credit card details were not obtained from this incident,” TPWD said. “There is no evidence that customers under the age of 18 were involved or that any specific group was targeted.”
License sales are not impacted by the incident and the government organization says it’s working with the license system vendor to boost its cybersecurity.
“Immediate steps were taken to strengthen access controls for customer profile data, and additional security features will be added in the future,” TPWD noted.
The name of the targeted vendor has not been disclosed, and it’s unclear who is behind the attack.
SecurityWeek has reached out to TPWD for information on who was behind the attack and this article will be updated if the organization responds.
Related: Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
Related: 377,000 Impacted by Data Breach at Texas Gas Station Firm
Related: Hackers Stole 300,000 Crash Reports From Texas Department of Transportation
