The Texas Department of Transportation (TxDOT) says hackers accessed its Crash Records Information System (CRIS) and downloaded roughly 300,000 crash reports.
The incident, TxDOT says, was discovered on May 12 and occurred after a system account was compromised and used to access information stored in CRIS.
The agency says it disabled access to the compromised account immediately after identifying the suspicious activity and launched an investigation on how the compromise occurred. It also implemented additional security measures to prevent similar occurrences.
“TxDOT is required by law to maintain a Crash Records Information System (CRIS), which includes details regarding traffic crashes and the individuals involved in those incidents,” the government agency notes in the notification letter (PDF) to the impacted individuals.
The crash reports may include personal information such as names, addresses, driver’s license numbers, license plate numbers, car insurance policy numbers, vehicle make and model, and other information.
“Notification, in this case, is not required by law, but TxDOT has taken proactive steps to inform the public by sending letters to notify the impacted individuals whose information was included in the crash reports,” the agency says.
TxDOT is advising the potentially affected individuals to be wary of potential phishing emails or text messages related to crash information, and to refrain from sharing their personal information, bank account details, or Social Security numbers with unknown individuals.
The affected individuals should also monitor their credit reports and place a credit freeze when identifying suspicious activity.
TxDOT is responsible for constructing and maintaining Texas’ state highway system, and for supporting the aviation, rail, maritime, and public transportation systems.
TxDOT notified the Texas Attorney General’s Office that a total of 423,391 Texans were impacted by the incident. However, the total number of affected people could be higher, as residents of other states might have been impacted as well.
*Updated with information on the number of impacted people.
Related: Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach
Related: Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach
