Hold Texas Accountable for Exposing 3 Million Hunting and Fishing License Holders
The Issue
More than 3 million Texans who hold hunting and fishing licenses just found out their personal information may have been stolen by someone who was never supposed to have access to it.
Texas Parks and Wildlife announced that a vendor managing the state's license sales system was compromised in a cybersecurity incident. An unauthorized actor may have obtained driver's license numbers, passport numbers, email addresses, phone numbers, and home addresses belonging to license holders. Texas Cyber Command is investigating.
Texas Parks and Wildlife has not publicly named the vendor responsible for the breach.
The state is offering affected customers one year of free credit monitoring through Kroll, with an enrollment deadline of September 14, 2026. But driver's license numbers and home addresses are not credit card numbers. They cannot be changed. They can be used to commit fraud, identity theft, or targeted harm for years after the original breach. One year of monitoring does not match the lifespan of the data that was exposed.
This breach did not happen because Texas Parks and Wildlife failed to secure its own systems. It happened because a third-party vendor, hired to manage sensitive citizen data on behalf of a state agency, did not adequately protect that information. That vendor has not been named publicly, has not been held financially accountable, and has not apparently been replaced.
Texas state agencies routinely contract with outside vendors to manage systems holding sensitive information about millions of Texans. Hunting and fishing license data is just one example. If those vendors are not held to binding cybersecurity standards, if their failures carry no real consequences, and if the state does not require transparency when something goes wrong, this will happen again.
We are calling on Texas Parks and Wildlife and Governor Abbott to publicly name the vendor responsible for this breach and detail what contractual protections existed, what failed, and what consequences the vendor is now facing. We are calling on the Texas Legislature to pass binding cybersecurity standards for any vendor handling sensitive data on behalf of a state agency, with real penalties for noncompliance and mandatory breach disclosure timelines. And we are demanding that the 3 million Texans whose data was exposed receive extended protections well beyond one year, including free credit monitoring for at least three years and proactive identity theft support from the state.
Texans did not choose to hand their personal information to this vendor. They had no say in who the state trusted with their data. They deserve to know what happened, who is responsible, and what Texas is doing to make sure it does not happen again. Sign to demand accountability.
101
The Issue
More than 3 million Texans who hold hunting and fishing licenses just found out their personal information may have been stolen by someone who was never supposed to have access to it.
Texas Parks and Wildlife announced that a vendor managing the state's license sales system was compromised in a cybersecurity incident. An unauthorized actor may have obtained driver's license numbers, passport numbers, email addresses, phone numbers, and home addresses belonging to license holders. Texas Cyber Command is investigating.
Texas Parks and Wildlife has not publicly named the vendor responsible for the breach.
The state is offering affected customers one year of free credit monitoring through Kroll, with an enrollment deadline of September 14, 2026. But driver's license numbers and home addresses are not credit card numbers. They cannot be changed. They can be used to commit fraud, identity theft, or targeted harm for years after the original breach. One year of monitoring does not match the lifespan of the data that was exposed.
This breach did not happen because Texas Parks and Wildlife failed to secure its own systems. It happened because a third-party vendor, hired to manage sensitive citizen data on behalf of a state agency, did not adequately protect that information. That vendor has not been named publicly, has not been held financially accountable, and has not apparently been replaced.
Texas state agencies routinely contract with outside vendors to manage systems holding sensitive information about millions of Texans. Hunting and fishing license data is just one example. If those vendors are not held to binding cybersecurity standards, if their failures carry no real consequences, and if the state does not require transparency when something goes wrong, this will happen again.
We are calling on Texas Parks and Wildlife and Governor Abbott to publicly name the vendor responsible for this breach and detail what contractual protections existed, what failed, and what consequences the vendor is now facing. We are calling on the Texas Legislature to pass binding cybersecurity standards for any vendor handling sensitive data on behalf of a state agency, with real penalties for noncompliance and mandatory breach disclosure timelines. And we are demanding that the 3 million Texans whose data was exposed receive extended protections well beyond one year, including free credit monitoring for at least three years and proactive identity theft support from the state.
Texans did not choose to hand their personal information to this vendor. They had no say in who the state trusted with their data. They deserve to know what happened, who is responsible, and what Texas is doing to make sure it does not happen again. Sign to demand accountability.
The Decision Makers
Petition Updates
Share this petition
Petition created on June 21, 2026