An organized security exploit duped Texas’ Department of Public Safety into sending at least 3,000 driver’s licenses to a Chinese criminal group in New York that targeted Asians in the Lone Star State, officials announced on Monday.
The unidentified group did not hack any Texas government websites, the DPS said. Instead, they exploited existing security vulnerabilities in the state’s main portal, Texas.gov.
The agency said it became aware of the problem in December 2022 but did not notify affected Texans as they carried out investigations and arrests.
“We’re not happy at all, I can tell you that, one bit,” DPS Chief Steve McCraw told lawmakers on Monday, as per the Texas Tribune. “They should have had — controls should have been in place, and they never should have happened.”
McCraw described the culprit as “a Chinese organized crime group based in New York working in a number of different states.”
Their scheme allegedly involved pulling the personal data of Asian targets from the dark web, harnessing the data to answer password security questions on Texas.gov and then using stolen credit cards to order copies of active licenses, such as those that were reported missing or stolen.
While licenses are issued by DPS, they are ordered through a portal run by the Department of Information Resources. At least 4,000 fake accounts were created, while some 2,400 licenses were shipped to “third-party addresses,” the Dallas Morning News reported.
McCraw said the crime group targeted Asians from various backgrounds with the goal of finding similar names and “look-alikes,” supposedly to aid Chinese nationals who are living in the U.S. illegally.
More potential cases are under investigation. State Rep. Mary González (D-El Paso) criticized DPS officials for allowing so much time to pass while Texans were unaware that their identities had been stolen.
“Somebody could be going around as Mary González right now for two months, and nobody’s been notified, I [wouldn’t have been] notified,” she said.
Meanwhile, Rep. Mano DeAyala (R-Houston) noted that Texas licenses could be used to get IDs from other states, saying, “We don’t want to be that weak link.”
The security loophole has reportedly been addressed, and federal agencies have also been tapped to join the investigation, which is now being run in at least four states.
Affected Texans are reportedly set to receive a letter explaining that their cases will be given priority status if they suspect their ID is being used fraudulently. Others who believe they were targeted are asked to call local police or file a report using the state’s iWatch system.