North Texan Victim of Identity Theft Warns of Driver’s License Security Breach
Imagine the personal information stored on your phone – bank apps, digital wallets, and emails – now accessible to a stranger. A North Texan recently experienced this nightmare scenario, highlighting the vulnerabilities of modern identity theft.
According to a report filed with the Dallas Police Department, the victim discovered an identity thief was impersonating them in another state. The key piece of evidence? The thief possessed a driver’s license bearing the victim’s personal information but with the thief’s photograph.
In the police report, the victim detailed how the imposter attempted to open new lines of credit and, critically, successfully transferred the victim’s phone number to a new device. This single act, known as “phone number porting,” granted the thief extensive access to the victim’s digital life.
“It really does open up the keys to the kingdom. It allows that person access to a lot of the information that you had on your phone,” said Eva Velasquez, President and CEO of the nonprofit Identity Theft Resource Center.
With control of a victim’s phone calls and texts, Velasquez explained, a thief gains the ability to log into accounts, reset passwords, and bypass two-factor authentication. The potential damage is significant, allowing the thief to drain existing accounts, open new lines of credit, or even fraudulently access medical and government benefits.
“They are just taking this one identity and using it everywhere they possibly can, unfortunately leaving the legitimate credential holder, the victim having to clean up an unbearable mess,” Velasquez said.
Driver’s License Replacements and Texas DPS
The North Texan victim, who is of Asian descent, believes they were affected by a driver’s license security breach in Texas. This suspicion is supported by a 2023 incident where, then-Texas Department of Public Safety (DPS) Director Steve McCraw (now retired) informed lawmakers that replacement driver’s licenses were being sent to a criminal organization in New York.
“We are working a criminal investigation that’s targeting an organization, an Asian organized crime group, that’s been involved in purchasing that type of information and obtaining, for the purpose of getting identity documents, to support those who are here illegally,” McCraw told a Texas House Appropriations Committee on February 27, 2023.
McCraw further explained that criminals used personal information of Texans to create Texas.gov accounts and then ordered replacement licenses to be mailed out of state. Once in hand, these fraudulent licenses allowed the criminals to assume the identities of real individuals.
“Once they get the replacement driver’s license, they can send that individual that was now assuming that identity into a different state. They can get their own picture, their actual picture and also get an audit number on that card, a unique audit number,” McCraw said in 2023.
The Texas DPS and the Department of Information Resources (DIR) discovered the vulnerability in late 2022. In response, Texas now requires an audit number printed on the physical driver’s license to order a replacement license online. DIR has also implemented additional anti-fraud tools for services available through Texas.gov.
Texas DPS has since joined a state-to-state driver’s license verification system to confirm if drivers already have a license in another participating state. Texas DPS said, “Under this program, when a person obtains a Texas DL or ID, the previous state is notified, and Texas becomes the state of record for that driver.”
Approximately 5,000 customers were affected by the 2023 security incident, according to DPS. The department sent letters in multiple languages to all identified customers. Those who contacted DPS received assistance in obtaining a replacement license, with the option of a new driver’s license number.
The North Texan who contacted NBC 5 Responds about their ID theft report stated they did not receive a letter in 2023. DPS could not confirm if the consumer was affected by the security breach.
DPS has identified four suspects in the replacement driver’s license case. Court records indicate that three have pleaded guilty to conspiracy to commit bank fraud, while a fourth is at large. The fraud began as early as July 2021, with thousands of replacement licenses mailed to addresses in New York, Oklahoma, and Georgia.
Tracking and Preventing Identity Theft
Generally, FTC Senior Investigator Kelle Slaughter told NBC 5 Responds backtracking where thieves took your information is tricky.
Slaughter advised consumers that multiple data breaches may have exposed personal information. These breaches, combined with basic biographical facts people may share online, create opportunities for identity theft.
“We do live in an age where your information may have been lost in a data breach,” Slaughter said. “You may have been talking to an imposter and gave your information away or other ways that they may have been able to get a hold of the information.”
Slaughter suggests several steps for consumers to take: freeze credit files with the three credit reporting bureaus, request a fraud alert, file a police report and, if applicable, a report in any other relevant state. Consumers can also report identity theft to the FTC and create a recovery plan. The Identity Theft Resource Center offers free consultations to address consumer questions about ID theft recovery.
Additional recommendations include:
- Regularly review credit reports.
- Scrutinize bank and credit card statements, disputing unrecognized charges.
- Close any fraudulently opened accounts.
- Follow up with credit bureaus, Social Security, and licensing departments to ensure reported issues are addressed.
The ITRC also recommends that consumers seek security measures from their mobile carriers. The victim’s provider, AT&T, stated, “We’re sorry this customer was targeted by criminals, and we worked to resolve this case as quickly as possible.” The carrier encourages consumers to create a unique passcode for their mobile account and consider authentication methods that do not depend on a phone number. AT&Ts Wireless Account Lock security feature disables specific types of account changes and transactions – like moving your phone number to a different phone.
