Texas Dept. of Transportation breached, 300k crash records stolen

The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database.

The incident occurred on May 12, 2025, and was caused by a threat actor logging into the TxDOT systems using compromised credentials.

“On May 12, 2025, TxDOT identified unusual activity in its Crash Records Information System (CRIS),” reads the TxDOT announcement.

“Further investigation revealed the activity originated from an account that was compromised and used to improperly access and download nearly 300,000 crash reports. TxDOT immediately disabled access from the compromised account.”

The data that may have been exposed in these crash records includes:

• Full names
• Physical addresses
• Driver’s license number
• License plate number
• Car insurance policy number
• Other information, such as sustained injuries or crash description

The exposure of this data elevates the risk for social engineering, scamming, and phishing attacks for impacted individuals, the total number of which has not been disclosed yet.

TxDOT has started distributing data breach notifications to affected individuals, urging them to increase their vigilance against potential targeted attacks using the stolen information.

No identity theft protection or credit monitoring service coverage was offered to the letter recipients, but a dedicated support line was set up for their assistance.

It is also recommended that impacted individuals monitor their credit reports for suspicious activity and consider freezing their credit to avoid damages from fraud.

In the meantime, the agency assures the public it has blocked the attacker’s unauthorized access to the compromised account and is implementing additional security measures.

BleepingComputer has contacted the Texas Department of Transportation to learn more about the type of attack and how many people it impacted, and we will update this post when we receive a response.

As of writing, no ransomware or extortion groups have assumed responsibility for this attack.