Texas Parks and Wildlife Department data breach exposes over 3 million driver's licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its third-party license system vendor, affecting over three million individuals. The compromised data included driver's license information, passport numbers, email addresses, phone numbers, and residential addresses. However, Social Security Numbers, dates of birth, or financial information were not impacted. The Texas Cyber Command discovered the intrusion.
Signal context
First seen: Jun 18, 2026
Last updated: Jun 24, 2026
Status: Public signal
Key points
- Breach occurred at a third-party vendor managing TPWD's license system.
- Over 3 million individuals affected.
- Exposed data includes driver's license information, passport numbers, email addresses, phone numbers, and residential addresses.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: 🇺🇸 United States
inferred from company domain
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: supplier or third-party involvement
Impact area: Confidentiality
Likely asset: User or customer data
- 6 signals in the same sector
- 36 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Texas govt data breach exposes over 3 million driver's licenses - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/Public source from bleepingcomputer.com.
Texas Parks & Wildlife data breach exposes millions of driver's licenses, passport numbers - SC Mediahttps://www.scmagazine.com/brief/texas-parks-wildlife-data-breach-exposes-millions-of-drivers-licenses-passport-numbersPublic source from scmagazine.com.
Related signals
Grouped by why the signal is relevant.
Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America confirmed that survey data was stolen from TinyPulse, a third-party service used internally for employee surveys. The company emphasized that its own systems were not compromised, and no personal customer or financial data was accessed. The data involved was limited to internal survey content from a small subset of employees, with most information dating back several years. The Shadowbyt3$ extortion group claimed responsibility, demanding a $2 million ransom.
American Express Insider Data Breach Reported
American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.
French National Bank Account Registry (FICOBA) Data Breach
The Fichier National des Comptes Bancaires et Assimilés (FICOBA), France's national bank account registry, experienced a data breach in late January 2026, potentially compromising 1.2 million accounts.
Louis Vuitton Korea Customer Data Compromised in Cyberattack
Louis Vuitton Korea experienced a cyberattack in 2025, similar to an incident affecting its UK operations, where customer personal data was exfiltrated. The company began notifying affected customers in South Korea as part of a staged disclosure process for a single, widespread incident impacting multiple LVMH brands. No payment data was compromised.
Cl0p Ransomware Group Exploits Oracle E-Business Suite Zero-Day
The Cl0p ransomware group launched a large-scale extortion campaign by exploiting a zero-day vulnerability (possibly CVE-2025-61882) in Oracle's E-Business Suite (EBS). This led to critical data breaches for dozens of large corporations, with over 100 companies allegedly impacted. The exploitation activity was observed as early as August 9, 2025, weeks before a patch was available, and suspicious activity dated back to July 10, 2025. The threat actors exfiltrated a significant amount of data from impacted organizations and sent high-volume emails to executives demanding payment.
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in a supply chain attack targeting Klue, a third-party market intelligence platform. The unauthorized actor obtained OAuth tokens from Klue, which were then used to access LastPass customer data. Exposed information includes customer names, phone numbers, email addresses, physical addresses, support case information, and sales/CRM-related data. LastPass stated that its core products, services, and infrastructure, including customer vaults, were not affected by this incident. The Icarus extortion group claimed responsibility for the Klue attack.