A cyberattack that took place last month may have left the personal data of thousands of people exposed, according to a June 6 statement from TxDOT.

TxDOT reported that on May 12, 2025, “unusual activity” was detected in its Crash Records Information System (CRIS). An internal investigation revealed that a compromised account had been used to access and download nearly 300,000 crash reports.

The account has since been disabled, and TxDOT says it is working to strengthen its cybersecurity to prevent similar incidents in the future.

According to officials, the crash reports may have included the following personal information:

• Full name

• Mailing and/or physical address

• Driver license number

• License plate number

• Car insurance policy number

TxDOT is notifying affected individuals by mail.

Anyone who believes their data may have been exposed is advised to be cautious of emails or text messages related to crash reports. People are urged not to share personal information such as Social Security numbers or bank details with unknown senders.