HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Hackers Access Third‑Party Vendor, Exposing Passport and Driver’s License Data of 3 Million Texans

Hackers breached a vendor used by the Texas Parks and Wildlife Department, exposing driver’s license and passport data of more than 3 million residents. The incident underscores the need for robust vendor risk management and SOC 2 controls to maintain continuous audit readiness.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 malwarebytes.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
malwarebytes.com

Hackers Access Third‑Party Vendor, Exposing Passport and Driver’s License Data of 3 Million Texans

What Happened — Hackers breached a third‑party vendor that processes hunting and fishing licenses for the Texas Parks and Wildlife Department (TPWD). The attackers exfiltrated personal information for 3,087,721 Texans, including driver’s license numbers, passport numbers, email addresses, phone numbers, and residential addresses. TPWD has not disclosed the vendor’s identity or the exact method of compromise.

Why It Matters for Compliance & Audit Readiness

  • A vendor‑management failure directly violates SOC 2 criteria for security and privacy, highlighting the need for documented due‑diligence and continuous monitoring of third‑party controls.
  • The breach demonstrates the importance of maintaining audit‑ready evidence (e.g., vendor SOC 2 reports, monitoring logs) to prove that vendor risk is being actively managed.
  • Continuous‑compliance programs must include breach‑response procedures that cover third‑party incidents, ensuring timely notification and remediation.

Who Is Affected — State government agencies, public‑sector vendors handling citizen identity data, and any organization that outsources processing of personally identifiable information (PII).

Recommended Actions

  • Map the vendor to your SOC 2 vendor‑management controls (CC6.1) and verify that a recent SOC 2 or equivalent attestation exists.
  • Deploy continuous security monitoring of the vendor’s environment to capture real‑time evidence of control effectiveness.
  • Update incident‑response playbooks to incorporate third‑party breach scenarios and conduct tabletop exercises.
  • Notify affected individuals per state breach‑notification laws and provide guidance on identity‑theft protection. Source: Malwarebytes Labs

Technical Notes — The breach was disclosed via a TPWD public statement; the exact attack vector (e.g., credential theft, misconfiguration) was not disclosed. Data types potentially exposed include driver’s license numbers, passport numbers, email, phone, and address; some reports also list Social Security numbers, though TPWD later denied their inclusion. Source: Malwarebytes Labs

📰 Original Source
https://www.malwarebytes.com/blog/data-breaches/2026/06/hackers-steal-passport-and-drivers-license-data-of-3-million-texans

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

Point-in-time vendor reviews miss incidents like this.

Verisq AI Trust Operations replaces the annual questionnaire with continuous third-party monitoring — so vendor exposure becomes audit evidence, not a once-a-year guess.

See how Verisq AI Trust Operations works →