The Texas Department of Transportation (TxDOT) has recently released a warning about a data breach affecting thousands of people in the state. Texas officials said hackers had compromised an account at the state agency, which led to the significant exposure of sensitive information. They first discovered unusual activity on May 12th involving the state’s official Crash Records Information System, also known as CRIS. An internal investigation later found that the compromised account was used to access and then download almost 300,000 individual crash reports. Texas is legally required to maintain this CRIS system, which tracks all crash details and the people involved in any road accidents.
Texas officials have confirmed the stolen crash reports unfortunately include a large amount of very sensitive and personal identifying information.
This extensive data includes the full names, home addresses, various driver’s license numbers, and also the license plate numbers of individuals. Furthermore, important car insurance policy numbers and other specific details related to the incident were also included in these stolen reports. Information about any injuries that were sustained by individuals during a particular crash and a detailed written narrative of the incident.
These detailed narratives of each crash incident are also included in all of the nearly 300,000 stolen reports from the system.
The official advisory that was released by the state agency claims they are not legally required to notify the public of this incident. However, they decided to proactively inform the public by sending letters to notify all the impacted individuals of the data breach. These important letters were sent to people whose sensitive information was included in the numerous crash reports that had been illegally downloaded. Texas immediately shut down the compromised account as soon as the security breach was discovered by their internal monitoring security teams. They are also continuing to actively investigate the entire incident, though they have not yet named the hackers who are responsible for it.
The official letters that were sent out to all of the potential victims of this major data breach warn them to be extremely wary. They should be very cautious of any incoming emails, various text messages, or phone calls related to any past crashes they were in. This highly detailed stolen information could be used by other criminals to conduct very convincing and also targeted phishing or social engineering attacks. A dedicated telephone call line was also created by the Texas Department of Transportation for any victims with more specific questions. This support line is intended to help individuals who may be concerned about the potential misuse of their now stolen personal data.
Reference:
