Pierluigi Paganini
June 22, 2026
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach affecting around 3 million individuals after a third-party vendor used for hunting and fishing license sales was compromised.
The Texas Parks and Wildlife Department (TPWD) is the state agency responsible for managing and protecting Texas’s natural and recreational resources.
Hackers may have accessed email addresses, physical addresses, phone numbers, driver’s license details, and passport numbers.
The incident was identified through Texas Cyber Command and highlights risks tied to third-party service providers.
“Texas Cyber Command recently detected a cybersecurity incident involving the Texas Parks and Wildlife Department (TPWD) license system vendor that handles the sale of hunting and fishing licenses.” reads the Notification of Data Security Incident. “The investigation indicates that an unauthorized actor may have obtained driver license information, passport numbers (if provided), email addresses, phone numbers and residential addresses for more than 3 million Texas hunting and fishing license customers”
Social Security numbers, dates of birth, and financial details such as credit card information were not compromised in the incident. There is also no indication that minors were affected or that any specific group was targeted. The organization acknowledged the seriousness of the breach and said additional security measures have already been implemented to better protect user data. It also noted that some staff members who are hunters and anglers were personally impacted, and confirmed ongoing work with the licensing vendor to strengthen safeguards and prevent similar incidents in the future.
The agency pointed out that license sales are not impacted by the incident and the organization added that it’s working with the license system vendor to boost its cybersecurity.
“TPWD is working closely with the license system vendor to implement new safeguards and enhanced monitoring services.” continues the notification. “Immediate steps were taken to strengthen access controls for customer profile data, and additional security features will be added in the future.”
The agency offers the impacted individuals one year of free credit monitoring through Kroll by enrolling before September 14, 2026. A dedicated support line is available to answer questions and help determine eligibility.
As a precaution, customers are encouraged to regularly review bank statements and credit reports for suspicious activity, place a credit freeze or fraud alert with major credit bureaus, and remain vigilant against phishing attempts. Officials also warn users to be cautious of unsolicited messages or requests for personal information, as scammers may try to exploit data exposed in the breach.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, TPWD)
