The Texas Department of Public Safety (DPS) shipped thousands of Texans’ driver’s licenses to an international organized crime group in a security lapse. The fraud scheme was operated by a “Chinese organized crime group based in New York,” targeting Texans of Asian descent.
The group was found to be using personal information from the dark web to replace driver’s licenses and match “look-alikes” with Chinese nationals who are illegally in the country. The DPS is investigating more potential cases, and the investigation spans at least four states.
At least 3,000 Texans have been affected, and the agency is working with federal agencies to investigate the issue. The DPS has not yet notified affected Texans because they are still working on the criminal investigation and apprehending those responsible.
The DPS officials told House budget writers during a hearing that the criminal actors were able to fraudulently obtain the licenses by creating at least four thousand fraudulent accounts and shipping 2,400 licenses to “third-party addresses.” However, no state systems were hacked.
The DPS’s controls should have been in place, and this should have never happened, according to Department of Public Safety Chief Steve McCraw. The DPS Deputy Director of Law Enforcement Services, Jeoff Williams, said the bad actors did not breach the state’s system but rather exploited existing security vulnerabilities in the online portal.
DIR oversees the state’s online infrastructure, but state agencies set the security features on their individual applications hosted by Texas.gov.
Texans looking to log into the license system had to provide an audit number on their driver’s license or answer a series of questions about themselves. The bad actors were able to find those personal details on the dark web to gain access to Texans’ accounts.
After this incident, the Texas Department of Information Resources (DIR) requires credit card features like CVV or zip code authentication for all transactions. The DPS asked the Department of Information Resources and the agency’s vendor to address security issues.
