North Texan Victim of Identity Theft Warns of Driver’s License Security Breach
Imagine a stranger accessing everything on your phone—bank apps, digital wallets, emails. This unsettling scenario became reality for a North Texan, prompting a warning about identity theft risks.
According to a report filed with the Dallas Police, the victim discovered an identity thief impersonating them in another state. The fraudster possessed a driver’s license bearing the victim’s information but with the thief’s photo.
In the police report, the victim stated the impostor attempted to open new lines of credit and successfully transferred the victim’s phone number to a new device. This allowed the thief to potentially access a wealth of the victim’s personal data.
“It really does open up the keys to the kingdom. It allows that person access to a lot of the information that you had on your phone,” said Eva Velasquez, President and CEO of the nonprofit Identity Theft Resource Center.
With access to phone calls and texts, thieves can log into accounts, reset passwords, and bypass authentication. Velasquez explains that this breach of security then gives criminals the ability to drain accounts and medical and government benefits, or open new lines of credit.
“They are just taking this one identity and using it everywhere they possibly can, unfortunately leaving the legitimate credential holder, the victim having to clean up an unbearable mess,” Velasquez said.
Drivers License Replacements
The North Texas victim, who is Asian, believes a Texas driver’s license security breach affected him. In 2023, then Texas Department of Public Safety Director Steve McCraw, who has since retired, told lawmakers that replacement driver’s licenses were sent to a criminal organization operating in New York.
“We are working a criminal investigation that’s targeting an organization, an Asian organized crime group, that’s been involved in purchasing that type of information and obtaining, for the purpose of getting identity documents, to support those who are here illegally,” McCraw told a Texas House Appropriations Committee on February 27, 2023.
McCraw detailed how the criminals used Texans’ personal information to create Texas.gov accounts, ordering replacement licenses mailed out of state.
“Once they get the replacement driver’s license, they can send that individual that was now assuming that identity into a different state. They can get their own picture, their actual picture and also get an audit number on that card, a unique audit number,” said McCraw in 2023.
The Texas DPS and the Department of Information Resources discovered the vulnerability in late 2022. As a result, Texas no longer allows customers to order replacement licenses online without an audit number. The DIR has also implemented anti-fraud tools and ensures platform application security.
Texas DPS is now part of a state-to-state driver’s license verification system. This helps to confirm if drivers hold licenses in other participating states. “Under this program, when a person obtains a Texas DL or ID, the previous state is notified, and Texas becomes the state of record for that driver,” according to Texas DPS.
Approximately 5,000 customers were affected by the security incident in 2023, according to DPS, and the department sent letters in multiple languages to all identified customers. Customers who contacted DPS received help getting a replacement license, including the option of a new driver’s license number.
The North Texan who contacted NBC 5 said they did not receive a letter in 2023. DPS could not confirm if the consumer was affected by the breach.
Four suspects have been identified in the replacement driver’s license case. Three have pleaded guilty to conspiracy to commit bank fraud, court records indicate. A fourth remains at large. The fraud started as early as July 2021, according to indictments, with thousands of replacement licenses mailed to addresses in New York, Oklahoma, and Georgia.
Tracking ID Theft
Kelle Slaughter, a Senior Investigator at the FTC, told NBC 5 Responds that backtracking where thieves obtained your information can be difficult.
She stated there may have been various data breaches leaking personal information. This, combined with basic information people share, can give a thief what they need.
“We do live in an age where your information may have been lost in a data breach,” Slaughter said. “You may have been talking to an imposter and gave your information away or other ways that they may have been able to get a hold of the information.”
Consumers can freeze their credit files by contacting the three credit bureaus and should ask for a fraud alert if they are impacted by identity theft. If affected by identity theft, file a police report and, if applicable, a report in the state where an ID is being misused. Consumers can report identity theft and obtain a recovery plan at the FTC. The ITRC provides free calls or texts with advisors to answer questions about ID theft recovery.
Consumers should review credit reports and bank statements regularly, disputing unrecognized charges. Accounts opened fraudulently should be closed.
“Follow up to make sure that when you’ve reached out to the credit bureaus to put a credit freeze in place or you’ve reached out to Social Security to let them know that your Social Security number has been compromised, or when you notified the licensing department in your particular state that someone is using your ID, you follow up and make sure that these things are actually being addressed,” Slaughter said.
The ITRC recommends consumers seek protection from their mobile carriers.
AT&T, the North Texas consumer’s provider, stated, “We’re sorry this customer was targeted by criminals, and we worked to resolve this case as quickly as possible. Cybercriminals constantly evolve their tactics, and we work closely with law enforcement, our industry peers, and consumers to help prevent this type of fraud.”
“We’ve also developed simple, sophisticated tools for consumers to protect themselves from bad actors, including our free Wireless Account Lock security feature,” according to AT&T.
AT&T’s website explains its Wireless Account Lock security feature disables specific account changes and transactions—like moving your phone number to a different phone. The carrier recommends creating a unique passcode for mobile accounts and considering authentication methods that don’t depend on a phone number.
