Pierluigi Paganini
June 10, 2025
Threat actors compromised the Crash Records Information System (CRIS) from the Texas Department of Transportation (TxDOT) and stole 300,000 Crash Reports.
The Texas Department of Transportation is a state agency that manages Texas’s transportation systems. It oversees highway construction and maintenance, supports public transit, ensures traffic safety, and handles crash data through systems like CRIS. TxDOT also coordinates freight, rail, and aviation infrastructure.
On May 12, 2025, TxDOT detected suspicious activity in its CRIS system. Attackers compromised a system account and used it to unlawfully access and download crash reports.
“On May 12, 2025, TxDOT identified unusual activity in the Crash Reporting Information System (CRIS) originating from a system account.” reads the data breach notification letter. “Further investigation revealed this individual’s account was compromised and used to improperly access and download crash reports.”
Compromised personal information in crash reports may include first and last names, mailing and/or physical addresses, driver’s license numbers, license plate numbers, vehicle make and model, car insurance policy numbers and other information such as injuries users may have sustained, and a narrative description of your crash.
TxDOT immediately disabled the compromised account and launched an investigation into the incident. To prevent similar incidents in the future, the agency is implementing additional security measures.
The Texas Department of Transportation recommends impacted individuals to watch for suspicious messages about crash info and never share personal details. The agency also recommends monitoring credit and considering freezing it. File taxes early to prevent fraud.
TxDOT is offering a free credit report from the three nationwide credit bureaus (Experian, TransUnion, and Equifax).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
