Data from more than 300,000 crash reports compromised in Texas DOT system

Published on June 13, 2025

The Texas Department of Transportation (TxDOT) says a compromised online account downloaded personal data from 300,000 crash reports. 

TxDOT identified unusual activity in its Crash Records Information System (CRIS) on May 12, according to a recent news release. It discovered a compromised account was used to improperly access and download the crash reports. 

Access from the compromised account was immediately disabled, the release says. 

Personal information included in the crash reports includes first and last name, mailing and physical address, driver’s license number, license plate number, and car insurance policy number and information. 

According to TxDOT, notification is not required by law in this specific case. However, TxDOT has taken steps to inform the public by sending letters to notify the impacted individuals whose information was included in the crash reports. 

The letter advises those affected by the breach to be vigilant for any suspicious email or text messages related to crash information. This includes not providing anyone with personal information, such as a Social Security number, bank account, or any other sensitive information. 

“TxDOT is implementing additional security measures for accounts to help prevent similar incidents in the future,” the release says. “The compromise is under investigation.”

Representatives of StoredTech took Collision Industry Conference (CIC) meeting attendees through the minutes, hours, days, weeks, and months of a fictional auto repair shop owner following a cybersecurity attack on his business.

Allan Polak, StoredTech senior of technology, said 60% of small businesses close within six months of cyber attacks. About 90% of those attacks start with a phishing attempt, often an email with a clickable link, he said. 

Unsecured networks that don’t have proper firewalls or strong passwords are a few ways hackers gain access, Polak said. He said disgruntled employees are another cause of concern. 

Attacks on business supply chain networks can cause issues for small businesses as well, Polak said. 

It is important to do software updates for all programs and networks, he said. 

Aleks Pavlinik, StoredTech chief information security officer, said other safety measures include multi-factor authentication and security awareness training services. 

“It’s layers and layers of security,” Pavlinik said. “We’re layering all these different security technologies on top, because if there’s a failure somewhere in that chain, we have backups on that in the sense of something else might be able to block it.”

In the scenario provided, Pavlinik said $5,000 could have been invested annually to get the right protections, as opposed to more than $150,000 to $200,000 lost in a cyber attack.

IMAGE

Photo courtesy of anyaberkut/iStock

Continue reading on website
Other news

Trump signs California vehicle emission waiver reversal into law

June 13, 2025
President Donald Trump has signed into law three Congressional Review Act (CRA) resolutions disapproving California’s vehicle emission waivers.The U.S. House passed the reversal of the Environmental Protection Agency (EPA)’s approval of a waiver for California and 11 states to ban the sale of new gas-powered vehicles by 2035. Shortly after, the Senate approved the reversal.In December, the EPA gra

CAPA decertified 8 parts in May, including three Tong Yang parts

June 13, 2025
CAPA decertified eight parts in May, including three metals, four plastics, and one lighting part, according to their June decertified parts report. The list included parts from manufacturers Tong Yang, Da Juane, Y.C.C. Tran Hung, and TYC Brother. All parts on June’s list were decertified in May. Tong Yang has had nine parts decertified this year — three in May, one in March, three in February, an