By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
Need another reason to dislike Texas (kidding!)? If you or anyone you know bought a Texas hunting or fishing license recently, your personal information may already be in criminal hands.
A breach involving a third-party vendor used by the Texas Parks and Wildlife Department has exposed data belonging to more than three million people. We are talking driver’s license numbers, passport numbers, email addresses, phone numbers, and home addresses. Yikes!
That combination is worth understanding. A driver’s license number tied to your name and address is enough to impersonate you in many state and financial systems. Add a passport number and a criminal has the backbone of identity verification in the United States covered from two directions. Together with your phone number and home address also in the mix, that’s nearly everything needed to open credit accounts, apply for loans, or file fraudulent tax returns.
Unlike a compromised credit card, these document numbers do not lose their value quickly. They sit in criminal databases for years, waiting for the right opportunity.
Here is where phishing enters the picture. Breaches like this one do not just hand criminals your data; they hand them a script. When scammers know your name, your email address, your phone number, and the fact that you bought a Texas fishing license, they can write a very convincing message. It might look like an “official” notice from TPWD about the breach itself. It might arrive by text asking you to confirm your driver’s license number to enroll in the free credit monitoring the agency is offering. Any of those would be fake.
This is not a hypothetical. After every major breach, phishing campaigns targeting affected individuals follow quickly. The stolen contact information is exactly what makes those campaigns work.
A few things worth doing right now if you think you are affected. First, freeze your credit at all three bureaus: Equifax, Experian, and TransUnion. A freeze costs nothing and makes it significantly harder for anyone to open new accounts in your name. Second, TPWD is offering one year of free credit monitoring through Kroll; enrollment closes Sept. 14, 2026. Third, treat any unexpected message referencing TPWD, fishing licenses, or this breach as suspicious until proven otherwise. If it asks you to click a link or confirm identity documents, do not do it. Go directly to tpwd.texas.gov instead.
One more thing worth knowing. Texas has seen major data exposures before. A 2020 incident exposed records for nearly 28 million Texas drivers. A 2025 breach at the state health department affected close to 94,000 people. Criminals often combine data from multiple leaks, meaning information that looks limited on its own becomes much more useful when paired with what was already out there.
You cannot un-ring the bell once your information is out. What you can control is how hard you make it for someone to use that information against you. Freeze, monitor, and stay skeptical of anything that lands in your inbox or your text messages claiming to be official.
Stay sharp out there.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.