- The Texas Department of Transportation confirmed suffering a cyberattack
- A threat actor used compromised credentials to access the system
- Hundreds of thousands of names, addresses, and PII, were exposed
The Texas Department of Transportation (TxDOT), a government agency responsible for overseeing the construction, maintenance, and operation of the state’s transportation system, suffered a cyberattack and lost sensitive personal records.
The agency confirmed the news in a brief notification published on its website earlier this week.
According to the announcement, a threat actor used a compromised government account to access TxDOT’s systems. After spotting “unusual activity” in the Crash Records Information System (CRIS), the agency investigated further, and found that the attacker accessed, and downloaded, nearly 300,000 crash reports.
The data stolen in the breach includes full names, postal addresses, driver’s license numbers, license plate numbers, car insurance policy numbers, and other information (such as sustained injuries or crash description).
GTA, Minecraft, CoD, Sims all hit
TxDOT said it immediately disabled access from the compromised account, and notified affected individuals. They have been warned to be wary of potential phishing and social engineering attacks, themed around car crashes. It also said it was implementing “additional security measures for accounts” to prevent similar incidents in the future, but did not detail what these measures are.
This type of information is quite useful for cybercriminals. They can use it to send personalized phishing emails, themed around something the victim is familiar with and has interacted with in the past. Such phishing attacks are more successful than random, generic ones, and can lead to identity theft, wire fraud, malware attacks, or even ransomware.
Government agencies are a popular target, mostly since they often hold sensitive citizen information. In early April 2025, Florida Department of State suffered a data breach that may have exposed information of 500,000 people, and in August 2024, National Public Data confirmed it was hit by data breach — and that millions of users were at risk.
At press time, no threat actors claimed responsibility for this attack.
Via BleepingComputer
You might also like
https://cdn.mos.cms.futurecdn.net/5rDPr5xYvLwnkP7ZvpR2w3.jpg
Source link
