Texas Parks & Wildlife: 3.08M licence holders exposed via an unnamed third-party vendor — with a public-vs-AG-filing SSN contradiction

The Texas Parks and Wildlife Department disclosed on 2026-06-18/19 that a breach at an unnamed third-party vendor handling hunting and fishing licence sales exposed 3,087,721 customers' names, driver's-licence numbers, passport numbers, email addresses, phone numbers and residential addresses (BleepingComputer, 2026-06-19). The Texas Cyber Command flagged the intrusion (reported 13 May). TPWD's public statement said Social Security numbers were not involved — but The Register reviewed the agency's own filing to the Texas Attorney General's breach portal and reports it contradicts that, indicating SSNs were included (The Register, 2026-06-19). The vendor remains unnamed; Kroll is providing credit monitoring.