compliance · BleepingComputer
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach affecting its license system vendor that exposed personal information for approximately 3.087 million hunting and fishing license customers. The Texas Cyber Command discovered the intrusion and investigated the unauthorized access. According to TPWD's notification, exposed data included driver's license information, passport numbers, email addresses, phone numbers, and residential addresses. The agency confirmed that Social Security Numbers, dates of birth, and financial information such as credit card data were not compromised. TPWD states there is no evidence that individuals under 18 were targeted.
For organizations handling similar citizen and customer identity data, this incident underscores the risks of third-party vendor access to sensitive personal information. SaaS vendors processing PII—particularly those supporting government agencies or regulated industries—should evaluate whether their identity and access management controls meet the data-handling expectations outlined in their contracts and compliance frameworks. Healthcare providers and fintechs managing similar datasets should review their vendor management practices and ensure third-party processors implement monitoring and safeguards aligned with HIPAA, NYDFS, and PCI DSS requirements. An Omniware engagement can scope vendor risk assessment and data protection controls in detail.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/
Source: BleepingComputer
All briefings