Nearly 300,000 crash records stolen from Texas transportation department

State agencies in Texas and Illinois released warnings in recent days about data breaches affecting the sensitive information of thousands of people. 

Texas said hackers compromised an account at the Department of Transportation (TxDOT) and discovered unusual activity on May 12 involving its Crash Records Information System (CRIS).

An investigation found that the compromised account was used to access and download almost 300,000 crash reports. Texas is legally required to maintain CRIS, which tracks all details of crashes and the people involved. 

Texas officials said the crash records include names, addresses, driver’s license numbers, license plate numbers, car insurance policy number and more. Information about injuries sustained during a crash and a narrative of the incident are also included in all crash reports. 

The advisory claims they are not required by law to notify the public of the incident but decided to “inform the public by sending letters to notify the impacted individuals whose information was included in the crash reports.”

Texas shut down the compromised account as soon as it was discovered and is continuing to investigate the incident. TxDOT did not respond to requests for comment about the hackers behind the breach and would only confirm that they are investigating the compromised account. 

The letters sent to victims warn them to be wary of any emails, texts or calls related to past crashes. A dedicated call line was created for victims with more questions. 

The incident in Texas was revealed on the same day that a state agency in Illinois released a similar warning of a data breach.

The Illinois Department of Healthcare and Family Services (HFS) said 933 people had information stolen during an incident in February where a hacker was able to successfully phish one of its employees. 

The hacker sent emails to HFS employees from another compromised government email account so that the emails looked trustworthy to HFS employees. 

“As a result of these actions, one HFS employee’s emails and documents were compromised,” HFS said in letters to victims. 

The information stolen ranges from Social Security numbers to driver’s licenses, state ID cards and financial information related to child support, Medicaid and more.