The Register

Texas warns 300,000 crash reports siphoned via compromised user account

The Texas Department of Transportation says a compromised user account was used to improperly download nearly 300,000 crash reports, exposing personal data that could be exploited for financial fraud against Lone Star drivers.

The agency reports that on May 12 it spotted “unusual activity” in its Crash Records Information System, which stores crash reports filed by law enforcement across Texas. It turns out unknown miscreants had compromised a user account and siphoned off data they weren’t supposed to touch.

“Personal information included in crash records may contain: first and last name, mailing and/or physical address, driver license number, license plate number, car insurance policy number and other information,” the department warned.

“Notification, in this case, is not required by law, but TxDOT has taken proactive steps to inform the public by sending letters to notify the impacted individuals whose information was included in the crash reports.”

The Texas Department of Public Safety is handling the inquiry into how this happened. The department had not responded to questions at the time of publication.

These kinds of details can be a gold mine for insurance fraud. For example, in 2023, 23 people were charged in California for allegedly operating a long-running auto insurance fraud ring that netted them more than $174,000 over four years, using staged crashes and recycled damage claims involving at least 40 vehicles.

“This alleged auto insurance fraud ring is a prime example of the type of fraud that increases premium prices for all California drivers,” said California’s Insurance Commissioner Ricardo Lara.

Scammers could also use vehicle and driver details to cause all sorts of mischief with falsified sales claims – for example, registering a vehicle in a victim’s name, then stealing it and leaving them on the hook for finance payments, or making up phony accident claims. It could also help create more plausible phishing attacks – an email citing vehicle details and offering an insurance payout would be very tempting, and could include a malware-laden file posing as some sort of official documentation.

Texan drivers would do well to contact their insurance companies and warn them against fraudulent claims. State officials are contacting those who have had their records stolen, but aren’t offering credit monitoring or other protections commonly provided after corporate data breaches. ®
