Texas Parks and Wildlife Data Breach Affects Over 3M License Customers

More than three million people who bought hunting and fishing licenses in Texas are facing a range of risks due to a data breach, which is being dubbed one of the biggest cyberattacks reported in the state this year.

According to an official data security incident notification released by the department, on June 18, hackers targeted the computer systems of a third-party vendor that sells these licenses for the Texas Parks and Wildlife Department (TPWD). The incident is currently being investigated by a state security team called the Texas Cyber Command.

Reportedly, an unauthorised actor managed to infiltrate the vendor’s private network, and could’ve gotten away with personal details like email addresses, phone numbers, home addresses, driver’s licence details, and passport numbers.

However, the TPWD has confirmed that the hackers didn’t manage to steal highly sensitive data. This means Social Security numbers, birthdays, and banking details like credit cards are completely safe.

Also, there is no evidence that children under 18 years old were involved. This could be because the hackers didn’t seem to focus on any specific group of people. Even some of the department’s own workers had their details stolen because they hunt and fish too.

“We recognise the seriousness of this issue and have identified and implemented additional security options to better protect customer information,” TPWD officials stated.

Hackread.com also found a listing on a cybercrime forum where a user using the handle w1kkid claimed responsibility for the Texas Parks and Wildlife data breach and offered the alleged database for sale in Monero (XMR).

The post claimed the dataset contained 3,190,363 records linked to hunting and fishing license buyers and listed fields such as names, addresses, phone numbers, email addresses, driver’s license details, and other personal attributes.

The listing was later updated to indicate that the data had been sold, though TPWD’s official notice says Social Security numbers, dates of birth, and financial information were not obtained in the incident.

The state agency hasn’t yet shared the hacked third-party vendor’s name or exactly who hacked it, or the specific attack method used in the breach.

However, the agency is changing how its data is viewed to make things safer. They are improving access control measures on customer profiles and will monitor their computer networks much more closely. People can still buy their hunting and fishing licences as usual. The next sales are due to start this August.

The department is working with a security firm called Kroll to help the affected people and is offering Texas residents a full year of free credit monitoring to help them monitor their financial records for suspicious changes. Interested individuals need to sign up by September 14, 2026.

For staying safe, a good option is freezing your credit with the main credit agencies like Equifax, Experian, and TransUnion. It is free and can stop scammers from opening new bank accounts using your name. Lastly, always check your bank statements and never click on strange links in emails.