Hackers Leak Passport and Driver’s License Data of 3 Million Texans
What Happened — A threat‑actor group accessed a database containing personal identification records and extracted passport numbers and driver’s license details for roughly 3 million Texas residents. The breach was publicly disclosed after security researchers identified the data being sold on underground forums.
Why It Matters for Compliance & Audit Readiness
- Exposure of government‑issued IDs triggers CCPA/CPRA and GDPR‑style privacy obligations; organizations must demonstrate lawful processing, consent management, and timely breach notification.
- SOC 2 CC 3.0 (Confidentiality) and CC 5.0 (Privacy) controls require documented evidence of data‑handling policies, DSAR processes, and continuous monitoring of data‑access logs.
- Verisq’s CookiePLUS capability provides a unified consent‑management layer and DSAR automation that can serve as audit‑ready evidence for privacy controls.
Who Is Affected — State‑level agencies, contractors handling resident data, and any service providers that store or transmit Texas ID information.
Recommended Actions
- Map the incident to SOC 2 privacy controls (CC 5.1, CC 5.2) and verify that consent records and DSAR procedures are up‑to‑date.
- Collect forensic logs and access records as evidence for audit trails; store them in an immutable repository.
- Initiate breach‑notification workflows per CCPA/CPRA and assess any required regulator reporting.
- Deploy a consent‑management solution (e.g., CookiePLUS) to centralize privacy preferences and streamline DSAR fulfillment.
Technical Notes – The attackers leveraged compromised credentials from an internal admin portal (method not fully disclosed) to query the resident‑ID database. No specific CVE was cited. Data types included passport numbers, driver’s license numbers, full names, and dates of birth. Source: Malwarebytes Labs – A week in security (June 22‑28)