DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Another Texas state agency data breach — this time, it’s the Department of Transportation

Posted on May 23, 2022 by Dissent

This is not be the first time the Texas Department of Transportation (TxDOT) has apparently had a data security incident, and it certainly not the largest breach the state has ever experienced, but it appears that TxDOT’s portal for the certified payroll system for contractors has been hacked.

Two posts by one individual appeared over the weekend on a hacking-related forum.

The first post included a screencap of an employee’s setup with the employee’s personal information, including SSN. The forum post also included login credentials and the url for the state’s contractor’s payment system. For ethical and legal reasons, DataBreaches did not test the login credentials.

Post claiming that TxDOT has been compromised.

The second post included a screencap showing listings of a contractor’s projects. A second screencap in the post contained another employee’s setup screen with their personal information.

Second post claiming that TxDOT has been compromised.

An example of an employee’s set up shows the types of personal information in these files.

DataBreaches.net was contacted about the posts by someone who informed this site that the person or persons responsible for the hack had acquired more than 7,000 individuals’ records. They provided DataBreaches with two pdf files in addition to the screencaps in the posts. While the two “Employee List Report” pdf files did not contain SSN’s, one of the files — an employee list report for a named contractor — consisted of more than 18,000 pages with multiple employees listed on each page.

Employee lists contained some personal information on employees but not SSN, DOB, or financial information. This particular file was more than 18,500 pages, with 8 employee entries on each page. Alternate pages were the remaining columns of the table, so that the file contained information on more than 9,250 employees of the contractor.

According to the individual, data will be up for sale soon. They did not indicate how soon, but when asked, stated that the individual or individuals involved had not contacted TxDOT to try to extort any payment to not leak or sell the data.

The person(s) who did this is/are “not animals,” they told DataBreaches, and do not do anything for money or extortion. “Just for publicity and show that they have bad security,” they said. “We are all human and still have morals. I would not want to be extorted for money. Would you?” they asked DataBreaches.

Well, no. But so how do they justify selling the data?. They responded to that question:

Extortion is just wrong.
Like blackmail.

But sold as not much you can do with ssn anyway.

To do anything real harmful you need photo of ssn and photo of ID

At another point in the chat, when DataBreaches asked how they had gained access, they replied that it was a brute force attack.

DataBreaches sent an email Sunday evening to the Texas Department of Transportation media relations to ask them about the claimed incident and to provide them with the urls where they could find the listings and screencaps. DataBreaches also sent a direct message to the TxDOT Twitter team to alert them to the breach and to the email sent to their media relations department. Early Monday morning, DataBreaches called TxDOT and left a message for their cybersecurity department saying that they appear to have been hacked. The message included this site’s phone number.

DataBreaches also reached out to Ragle, Inc., a highway and bridge construction firm with offices in Indiana and Texas. Ragle had reportedly been recently attacked by the Black Basta ransomware team, and Ragle’s corporate and personnel data had been dumped on Black Basta’s dark web leak site on or about April 28.  Now it appeared that some of Ragle’s data, including its employees’ payroll-related data, may  have been compromised in the attack on TxDOT. Whether the Ragle data was some of the same data leaked by Black Basta is unknown to DataBreaches.

As of the time of this publication, TxDOT has not responded to this site’s inquiries or notification attempts. Nor has Ragle Inc. responded. Because DataBreaches cannot test the login credentials, this site does not know if they still work or if the state has already changed those credentials.

This post will be updated if a reply is received or if there are more developments.

 

Related posts:

  • Hacker Operations (OPS) of 2012
Category: Breach IncidentsHack

Post navigation

← Malaysia: Govt must be transparent, outcome of alleged data breach probe must be made public
K-12 school districts in New Mexico, Ohio crippled by cyberattacks →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.