On May 12, 2025, the Texas Department of Transportation experienced a security incident that exposed 300,000 crash records containing personal information, including driver’s license numbers and insurance details.
Compromised Login Used to Breach TxDOT Crash Records System
The Texas Dept. of Transportation breach was confirmed to have originated from unauthorized access to the Crash Records Information System (CRIS), a database used to store crash reports across the state. The attacker gained access using compromised login credentials tied to a legitimate user account. This May 12 2025 TxDOT security incident was quickly flagged by internal monitoring systems that detected unusual activity within CRIS.
“On May 12, 2025, TxDOT identified unusual activity in its Crash Records Information System (CRIS),” the department stated.
“Further investigation revealed the activity originated from an account that was compromised and used to improperly access and download nearly 300,000 crash reports. TxDOT immediately disabled access from the compromised account.”
This confirms the incident as a case of unauthorized access—not ransomware, extortion, or malware—but a direct login using stolen credentials.
What Was Stolen in the 300k Texas Crash Report Leak?
The data downloaded from CRIS contains sensitive information that could expose victims to fraud and social engineering. According to TxDOT, each crash report may include:
- Full names
- Physical addresses
- Driver’s license numbers
- License plate numbers
- Insurance policy numbers
- Details of injuries and crash circumstances
The scale of this event raises serious concerns for those affected, particularly around the risk of identity fraud and phishing attempts using these details.
TxDOT Response and Security Steps Following the Breach
Immediately after discovering the attack, TxDOT took action to block the compromised account and prevent further access. While the identity of the attacker remains unknown, and no ransomware or extortion groups have claimed responsibility, the department has stated it is implementing additional security measures to protect its systems going forward.
The agency is currently issuing data breach notifications to individuals whose information may have been affected. However, the department has not disclosed the total number of impacted individuals.
Notably, the breach letters sent out do not offer credit monitoring or identity theft protection services. Instead, affected individuals are being urged to:
- Monitor their credit reports
- Consider placing a credit freeze
- Watch for suspicious or targeted phishing communications
A TxDOT breach notification support hotline has been established to assist victims and provide further information.
No Further Updates Yet From TxDOT
As of now, no further details have been provided regarding the exact number of individuals impacted or the source of the credential compromise.
This Texas transportation department cyberattack is yet another reminder of the high-value nature of personal data within public-sector systems. The exposure of this information, especially within the context of crash records, poses a long-term risk for those affected.
