Roughly three million people who bought a Texas hunting or fishing license have had personal data exposed in one of the largest breaches ever to hit the state's outdoor community.
The Texas Parks and Wildlife Department (TPWD) said it was alerted to the intrusion by the newly formed Texas Cyber Command on May 13, 2026. The attackers reached customer records held by a third-party vendor that runs the agency's online license system. TPWD has not named the vendor, and investigators say it remains unclear who was behind the attack.
The stolen information is substantial. Exposed records include driver's license numbers, passport numbers, email addresses, phone numbers and home addresses — the kind of data that fuels identity theft and targeted scams. TPWD was quick to stress what the hackers did not get.
"Social Security numbers, dates of birth and financial information, including credit card details were not obtained from this incident," the department said. It added that records belonging to minors were not part of the breach.
The agency framed the episode as one that hit its own people too.
"Many of our staff are hunters and anglers and were affected by this incident," TPWD said. "Immediate steps were taken to strengthen access controls for customer profile data."
That reassurance only goes so far for security researchers, who note that driver's license and passport numbers are precisely the records criminals prize. Unlike a credit card, you cannot simply cancel and reissue a passport number, and a driver's license number paired with a name and address is enough to seed convincing impersonation or document fraud. Outlets covering the breach, including SecurityWeek and Cybernews, flagged that the absence of Social Security numbers does not make the haul harmless — it makes it slower-burning.
TPWD urged license holders to treat the exposure seriously. The department recommended that affected customers "actively monitor for the possibility of fraud and identity theft by reviewing your credit report and financial statements for any unauthorized activity," and to consider placing a credit freeze or fraud alert.
The agency is offering one year of free credit monitoring through Kroll. Affected anglers and hunters have until September 14, 2026 to enrol, and TPWD has set up a dedicated support line at (844) 959-7123, open Monday to Friday, 8 a.m. to 5:30 p.m. Central. Officials also warned customers to be alert for phishing emails and phone scams that reference the breach itself.
For the everyday angler, the practical fallout is awkward rather than catastrophic. License sales have not been interrupted, and anyone planning a summer trip can still buy or renew as normal. But the breach is a reminder that the simple act of registering to fish now leaves a digital trail — one that is only as secure as the contractor holding it.
TPWD says it is rebuilding that trust from the vendor up. "We are committed to continuing to work with the license system vendor to implement increased safeguards to prevent future incidents," the department said. Whether three million Texans extend that trust may depend on how quietly — or loudly — the stolen data surfaces in the months ahead.