NEWYou can now listen to Fox News articles!
Buying a hunting or fishing license should feel like one of the safest things you do online. You pick the license, pay for it and get ready for your next trip outdoors. But now, a cyberattack tied to the Texas Parks and Wildlife Department has put personal information for more than three million license customers at risk.
The agency says the attack hit a vendor that handles the sale of hunting and fishing licenses. Texas Cyber Command detected the incident, and the state says an unauthorized actor may have obtained personal data from customer profiles. That is the part that should get your attention. Even when credit card numbers and Social Security numbers are spared, your license details, phone number and home address can still give scammers a lot to work with.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
FBI WARNS MICROSOFT USERS ABOUT PASSWORDLESS SCAM
Millions of Texas hunting and fishing license holders are being urged to monitor their accounts after a vendor cyberattack exposed sensitive personal data. (Photo Illustration by Thomas Imo/Photothek via Getty Images)
What happened in the Texas Parks and Wildlife data breach
The Texas Parks and Wildlife Department says its license system vendor was hit by a cybersecurity incident.
The agency says the investigation found that an unauthorized actor may have obtained data tied to 3,087,721 Texas hunting and fishing license customers.
TPWD did not identify the vendor in its public notice. However, it says it has strengthened access controls for customer profile data and plans to add more security features.
In other words, this involved a state license system connected to millions of people.
What information may have been exposed
TPWD says the exposed information may include:
- Driver license information
- Passport numbers, if provided
- Email addresses
- Phone numbers
- Residential addresses
That mix of data can help criminals sound convincing. A scammer who knows your name, phone number, home address and license-related details can make a fake call or email feel very personal.
The agency says Social Security numbers, dates of birth and financial information, including credit card details, were not obtained. TPWD also says there is no evidence that customers under 18 were involved or that any specific group was targeted.
Still, this breach should not be brushed off. Driver license information and passport numbers can create serious problems if they fall into the wrong hands.
Why this breach can still put you at risk
You might hear that hackers did not get credit card numbers and breathe a sigh of relief. I get that. But scammers do not always need your full financial file to cause trouble. Personal details can help them impersonate a state agency, a license vendor or even a bank. One message may claim there is a problem with your license account. Another may ask you to “verify” your identity. A fake link can also look official enough to trick someone who is moving fast.
That is where this kind of breach gets dangerous. The more a scammer knows about you, the easier it becomes to lower your guard. A fake message that includes accurate personal details can feel legitimate, especially if it shows up right after a public breach.
What Texas Parks and Wildlife says it has done
TPWD says immediate steps were taken to strengthen access controls for customer profile data. The agency also says it is working with the license system vendor to add more safeguards and enhanced monitoring.
In a statement to CyberGuy, TPWD said, “We recognize the seriousness of this issue and have identified and implemented additional security options to better protect customer information. Many of our staff are hunters and anglers and were affected by this incident. We are committed to working with the license system vendor to implement increased safeguards.”
Fishing guide Mike McBride of Port Mansfield, Texas, adds a third fish to his catch of redfish in the Lower Laguna Madre. (Bob Hood/Fort Worth Star-Telegram/Tribune News Service via Getty Images)
TPWD also said license sales will continue on schedule for August and the next license year, adding that it believes “current and future customer data are not at risk.”
That means customers should be able to buy hunting and fishing licenses as planned while the state works through the fallout from the breach.
Who should take action now
If you bought a Texas hunting or fishing license, use this breach as a reason to check your accounts and tighten your identity protections.
Affected customers can confirm eligibility for one year of free credit monitoring by calling the dedicated response line at 844-959-7123.
The enrollment deadline is Sept. 14, 2026. The call center is open Monday through Friday from 8 a.m. to 5:30 p.m. CT.
Do not wait for a suspicious charge or strange letter to show up. Breach cleanup works best when you act before someone tries to use your information.
How to protect yourself after the Texas Parks and Wildlife data breach
If you bought a Texas hunting or fishing license, these steps can help you reduce your risk and spot suspicious activity early.
1) Sign up for credit monitoring or consider identity theft protection
If you are eligible, sign up for the free credit monitoring before September 14, 2026. Credit monitoring can alert you when new credit activity appears in your name. It will not stop every type of identity fraud, but it can give you an early warning. If you were not affected by this breach, now is still a good time to consider identity theft protection. These services can help monitor your personal information, alert you to suspicious activity and guide you if someone tries to use your identity. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com
2) Freeze your credit
A credit freeze is one of the strongest moves you can make after a breach. It makes it harder for someone to open a new account in your name. You need to freeze your credit separately with Equifax, Experian and TransUnion. It is free. You can also lift the freeze when you need to apply for credit.
EMPTY ENVELOPES IN YOUR MAILBOX? DO NOT SCAN THAT CODE
Texas officials say a vendor breach may have exposed driver’s license information, passport numbers and contact details, but not Social Security numbers or payment information. (Photo by Philip Dulian/picture alliance via Getty Images)
3) Add a fraud alert
A fraud alert tells lenders to take extra steps before opening new credit in your name. You can place a free one-year fraud alert by contacting one of the major credit bureaus. That bureau should notify the other two. This is a good option if you want extra protection but are not ready to freeze your credit.
4) Report identity theft if something looks wrong
If you see signs that someone used your information, report it right away. That could include new accounts you did not open, strange letters about benefits, unfamiliar bills or credit checks you do not recognize. The FTC’s IdentityTheft.gov can help you create a recovery plan based on what happened.
5) Remove your personal information from people-search sites
Your name, address and phone number may already appear on data broker sites. A breach can make that exposure feel even more personal. A data removal service can help reduce how much of your personal information appears online. You can also manually request removal from major people-search sites. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
6) Watch for driver’s license misuse
Because driver’s license information may have been exposed, pay close attention to anything tied to your ID. That includes notices about duplicate licenses, address changes, traffic issues, government benefits or accounts you did not request. If something feels off, contact the proper agency directly. Do not use a phone number or link from a surprise message.
7) Be careful with passport-related scams
If you provided a passport number, be extra cautious with calls or emails that claim there is a problem with your passport or travel documents. Do not give out personal information to someone who contacts you first. Go directly to the official agency website or call a verified number instead.
8) Watch for fake TPWD messages
Scammers may use this breach as bait. Be careful with any email, text or call that claims to come from Texas Parks and Wildlife, a license vendor or a credit monitoring service. Do not click links from surprise messages. Go directly to the official website or call the dedicated response line instead.
9) Use strong antivirus software
Scammers may use this breach to send fake emails, texts or links that look official. Strong antivirus software can help block malicious links, detect phishing attempts and warn you before you download something dangerous. Keep it updated on your phone, tablet and computer so it can catch newer threats. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
10) Do not share verification codes
If someone calls and asks for a code sent to your phone or email, stop. That is a major red flag. Scammers use those codes to get into accounts. No legitimate support agent should pressure you to hand one over.
11) Check your financial accounts
Even though TPWD says financial information was not obtained, you should still review your bank and credit card statements. Look for small test charges, unfamiliar subscriptions or anything that seems off. Report suspicious activity right away.
12) Use strong passwords and two-factor authentication
This breach does not appear to involve passwords, but scammers may use exposed personal details to target your other accounts. Use a password manager to create strong, unique passwords. Turn on two-factor authentication (2FA) for important accounts, especially email, banking and shopping accounts.
WORLD CUP TICKET SCAMS TARGET DESPERATE FANS
A cyberattack tied to a Texas Parks and Wildlife Department vendor may have exposed the personal information of more than 3 million hunting and fishing license customers. (Photographer: Daniel Acker/Bloomberg via Getty Images)
Kurt’s key takeaways
This breach is a reminder that everyday government transactions can carry a lot of personal data behind the scenes. You may think of a hunting or fishing license as a routine purchase. But the information connected to that purchase can include driver’s license details, passport numbers, phone numbers and your home address. That gives imposters enough context to make a scam sound believable. The best move now is to stay ahead of it. Use the official response line, sign up for monitoring if you qualify, freeze your credit and be extra careful with any surprise message about your license or identity. The vendor may have been the target, but Texans are the ones left watching their information.
Should state agencies be required to publicly name vendors after a breach this large, or would that make future investigations harder? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
