Texas Department of Transportation reports data breach exposing data of nearly 300K crash reports

The Texas Department of Transportation (TxDOT) reports a cybersecurity incident that resulted in the exposure and theft of nearly 300,000 crash reports containing sensitive personal information of drivers across the state.

The breach was discovered on May 12, 2025, when TxDOT identified unusual activity in its Crash Records Information System (CRIS). Subsequent investigation revealed that the activity originated from a compromised account that was used to access and download the substantial volume of crash records.

The agency said it is implementing additional security measures on accounts to prevent similar incidents, and the breach is under investigation. The exposed data includes:

• Full names (first and last names)
• Mailing and/or physical addresses
• Driver license numbers
• License plate numbers
• Car insurance policy numbers
• Other unspecified personal information

TxDOT said that notification is not legally required, but the agency took "proactive steps" to send letters to impacted individuals whose information was included in the compromised crash reports. The agency established a dedicated assistance hotline for affected individuals, providing support at 1-833-918-5951 (toll-free), available Monday through Friday from 8 a.m. to 8 p.m. Central Time, excluding U.S. holidays.