TxDOT data breach: Nearly 300K crash reports downloaded through compromised account

AUSTIN, Texas - Nearly 300,000 crash reports were downloaded through a compromised account, says the Texas Department of Transportation.

TxDOT data breach

What we know:

TxDOT says that on May 12, it identified "unusual activity" in its Crash Records Information System (CRIS).

An investigation revealed that the activity originated from a compromised account that was used to improperly download nearly 300,000 crash reports.

TxDOT says it immediately disabled the account's access and how the account was compromised is still under investigation.

What is included in a TxDOT crash report?

Why you should care:

Personal information included in crash records may contain: first and last name, mailing and/or physical address, driver license number, license plate number, car insurance policy number and other information. 

What is TxDOT doing about this?

What's next:

TxDOT says it is sending letters to notify impacted individuals whose information was included in those reports, despite notification in this case not being required by law.

TxDOT is also implementing additional security measures for accounts to help prevent similar incidents in the future. 

What you can do:

Anyone who has received a letter from TxDOT about this is urged to call the dedicated assistance line at 1-833-918-5951 (toll-free), Monday through Friday, from 8 a.m. – 8 p.m. Central Time (excluding U.S. holidays). 

Those calling should also be prepared to provide the engagement number included in the letter.

A sample letter can be seen below: