Criminal gang receives 3K Texas IDs from DPS in cyber fraud case, director says

The cards were ordered from the texas.gov website which processes renewals. It's managed by the Texas Department of Information Resources, which is located in a building near the state capitol.

AUSTIN, Texas - Texas IDs and driver's licenses are designed to prevent them from being copied. However, members of a House budget subcommittee on public safety and criminal justice got a surprise about those cards.

DPS Director Steve McCraw revealed a criminal organization was able to get a lot of real ones and got them from the state.

"How many Texans has this happened to," asked Subcommittee Chair Mary Gonzalez (D) El Paso County.

That question was answered by Director McCraw.

"Best we can. Well, we don't know the exact number right now, but at least 3,000. Okay. Well, potentially could have had their identity taken. That is replacement driver's license," said DPS Director Steve McCraw.

The cards were ordered from the texas.gov website which processes renewals. It's managed by the Texas Department of Information Resources, which is located in a building near the state capitol.

Investigators say a crime gang from China operating out of New York got through the online security questions by using stolen personal information.

A spokesperson for Texas DIR sent FOX 7 the following statement:

"Protecting the state’s technology infrastructure and the data of Texans is the Department of Information Resources (DIR)’s number one priority. The issue Director McCraw referenced was a case of fraudulent criminal activity based on factors unrelated to state systems, not a cybersecurity incident. No state systems, including the state’s portal, were hacked or breached.

However, just as we would in a cyber incident, we adapt to harden systems and strengthen security. Immediately after discovering the incident, DIR and DPS, along with our industry service providers, formed a team to assess and determine any vulnerabilities and prevent such fraudulent activity from happening in the future.

This incident underscores the sophistication, resources, and brazenness of this criminal organization and, as this is an ongoing investigation, DIR will not comment further on the details of any measures that have been or will be implemented to prevent crime."

The committee, during the Monday hearing, asked Jeoff Williams, the DPS Director for Law Enforcement Services, what was done to address the access problem.

"Once we became aware of that, we turned off the ideology question feature. No longer is that available today. A person cannot go on and do that. Additionally, we requested that DIR and their vendor make some changes to the credit card transaction process," said Williams.

People with names, that indicate Asian descent, were targeted. It’s believed the new cards can be used for human smuggling and possibly espionage. Officially what happened is not being called a security breach, but a case of cyber fraud.

Texas is one of about four states targeted and arrests are being made. The scheme started just before Christmas, but notification letters to possible victims were held off until this week. McCraw said it was done to protect the investigation.

FOX 7 spoke to cybersecurity expert John Miri about how the potential 3,000 victims should react to those letters.

"In this case, given what we know so far about the intent, it's unlikely that they're trying to steal money from these individuals. So they will probably not get any statements to their house. They probably will try to keep you from finding out that your data is being used as long as possible, so they can impersonate you for other purposes," said Miri.

Miri recommends the following security steps.

Notify the IRS and get an identification protection pin.
Change passwords to all financial accounts.
Move to a two-factor password authentication.
Update your smartphone apps
Subscribe to a credit protection service.

DPS sent thousands of Texas driver's licenses to organized crime group

According to the Texas Tribune, after gathering the victims' personal data, the thieves were able to use it to bypass security on the state's website and order replacement licenses.

"If you see something in your credit report that looks like you may be one of the 3,000 and someone's opening accounts in your name, definitely contact law enforcement and make a police report, because the other thing you want to protect against is it's highly likely that the parallel nefarious copy of you is being created to facilitate some criminal activity. So when you do want to have happen, is the evidence building up that the parallel copy of you committed some crime, and then you're trying to defend yourself from something that you didn't do," said Miri.

Business owners and government agencies are also urged to step up their screening process for new hires. Miri recommends expanding background checks, and mandating in-person interviews, even for jobs that are done remotely. Those extra steps may help discourage bad actors from trying to apply.

FOX 7 also contacted the Cybersecurity & Infrastructure Security Agency. Its part of the U.S. Department of Homeland Security and was created to help local governments, agencies and businesses increase security measures.

Resource links are below: