A data breach involving a Texas Parks and Wildlife vendor may have leaked personal information linked to more than 3 million people. Here’s what happened, what data was taken, and how you can better protect yourself.
Table of Contents
What Happened?
The agency said it was notified by the Texas Cyber Command that a third-party vendor responsible for selling hunting and fishing licenses had suffered a cybersecurity incident. TPWD announced the breach on June 22, 2026.
The organization said license sales were not affected. The vendor involved has not been publicly identified, and officials have not shared who carried out the attack.
Who Was Affected and What Data Was Leaked?
The breach may affect more than 3 million people who purchased hunting or fishing licenses through the vendor’s system.
According to TPWD, the stolen information may include:
- Email addresses
- Home addresses
- Phone numbers
- Driver’s license information
- Passport numbers
The agency said Social Security numbers, dates of birth, and financial information, including credit card details, were not obtained. TPWD also said there is no evidence that customers under 18 were involved.
Even when financial information is not involved, personal details can still be valuable to criminals. Information such as your address, phone number, driver’s license details, or passport information can help make phishing emails, fake phone calls, and impersonation attempts appear more convincing.
It is also important to remember that many people never realize their information was affected in a data breach. Some incidents receive little public attention, while others are discovered months later.
If you are not sure whether your information was leaked somewhere online, automatic monitoring can help you spot problems earlier.
Futureproof monitors your data for leaks 24/7 and helps you reduce scam risks with simple, clear steps.
Futureproof monitors your information for data leaks 24/7 and guides you with clear steps to keep it safer from scams.
Run a free checkHow Did the Attack Happen?
TPWD said the breach happened at a third-party vendor that handles hunting and fishing license sales. A third-party vendor is an outside company hired to provide services for another organization.
Officials have not publicly explained how hackers gained access to the vendor’s systems. As a result, it is currently unclear whether the attack involved stolen passwords, malware (harmful software that steals or damages information), phishing, or another method.

At Futureproof, Kevin explains digital safety in simple words, with clear tips and zero fluff. He holds a degree in information technology and studies fraud trends to keep his tips up-to-date.
In his free time, Kevin plays with his cat, enjoys board-game nights, and hunts for New York’s best cinnamon rolls.
