Texas Department of Transportation
Breach Analysis

• 2025-05-19

  TxDOT notified of breach at third-party document vendor
• 2025-05-22

  Vendor access suspended; forensic review initiated
• 2025-06-01

  Scope determined: 350,000 contractor and employee records
• 2025-06-05

  Texas AG notice filed; notification process underway

How they got in

Third-party document management vendor that stored TxDOT contractor and employment records suffered a breach. Attacker gained access to the vendor's customer data environment and exfiltrated TxDOT records along with other state agency data.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  Vendor risk program: all vendors handling state agency records require annual SOC 2 Type II or equivalent certification
• 2
  Contract requirements: 24-hour breach notification obligation for all vendors with access to state employee or contractor PII
• 3
  Data minimization: send only minimum required fields to document management vendors — no SSN or sensitive financial data if not operationally necessary
• 4
  Supply-chain monitoring: subscribe to third-party breach intelligence service; receive alert when vendors in registry are compromised
• 5
  Recovery rights: contract includes right to audit and right to data return/destruction upon contract termination

• → Texas AG Breach Notices
• → DataBreaches.net
• → Texas DIR Supply Chain Security

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.