- Texas Department of Transportation confirmed to suffer a cyberattack
- A threat actor used compromised credentials to access the system
- Hundred thousand of names, addresses and PII were exposed
Texas Department of Transportation (TXDOT), a government agency responsible for supervising the construction, maintenance and operation of the state’s transport system, suffering a cyberattack and lost sensitive personal items.
The agency confirmed the news in a short review published on its website earlier this week.
According to the message, a threat actor used a compromised government account to access TXDOT’s systems. After discovering “unusual activity” in Crash Records Information System (CRIS), the Agency further investigated and found that the striker was given access and downloaded nearly 300,000 crash reports.
The data stolen in the violation contains full names, mailing addresses, driver’s license numbers, license plate numbers, car insurance policy numbers and other information (such as persistent damage or crash description).
Gta, minecraft, cod, sims hit everyone
TXDOT said it immediately disabled access from the compromised account and notified affected persons. They have been warned to be wary of potential phishing and social technical attacks, the theme of car accidents. It also said that it implemented “additional security measures for accounts” to prevent similar events in the future, but did not detail what these measures are.
This type of information is quite useful for cyber criminals. They can use it to send personalized phishing -e emails, the theme of something the victim is familiar with and has interacted with in the past. Such phishing -attacks are more successful than random, generic and can lead to identity theft, thread fraud, malware attacks or even ransomware.
Government bodies are a popular goal, mostly, as they often have sensitive citizen information. At the beginning of April 2025, the Florida Department of State suffered a data violation that may have postponed information about 500,000 people, and in August 2024 national public data confirmed that it was affected by data violation – and millions of users were in danger.
At the time of the press, no threat actors assumed responsibility for this attack.
Via Bleeping computer
