Hackers stole driver's licenses and passports belonging to more than 3 million Texans in a state government data breach, though the notification tells victims almost nothing about how or when it happened.
A Texas government agency suffered a breach exposing government-issued ID documents for more than 3 million people. The notification does not identify which agency was compromised, and it does not disclose when the breach occurred or how long attackers maintained access. These omissions are not incidental — the source material itself leaves both details out, and the original notification did not include them. What the notification does confirm: the document types taken (driver's licenses and passports) and the number of people affected.
Government-issued IDs are among the most dangerous data to lose. They're used to open financial accounts, file fraudulent tax returns, and defeat the kind of identity verification that a photo and a document number can bypass. Three million records at this document tier is a serious exposure, and victims who don't know when the breach happened can't meaningfully narrow down which accounts or filings to scrutinize. Without an agency name, there's no obvious channel for affected Texans to seek targeted guidance beyond generic credit-monitoring advice.
State breach notifications are often criticized for disclosing only what the law's minimum requires. This one doesn't appear to clear even that bar.