AUSTIN (KXAN) — Identity theft hit an all-time high in 2016 with about 1 in every 16 U.S. adults being a victim according to one recent study. But it’s not always hackers trolling the dark web who are the biggest threat to citizen’s personal data being released.
8News sister station KXAN discovered the Texas state government has been selling its citizens’ personal information. And it’s an easy cash stream for the state, bringing in $2.7 million since 2010.
The state statutes are conflicting when it comes to protecting a Texans date of birth. One law says the information is sensitive, not to be released because of the risk of identity theft. But other laws allow Texas agencies, namely the Department of Public Safety and the Secretary of State – to sell your name, address and date of birth.
DPS has made $1.9 million in the sale of personal information and the Secretary of State has made nearly $720,000.
Texas law allows anyone to buy voter registration records. Driver’s license records can be purchased by a wide range of people and companies for uses including “the normal course of business.”
KXAN obtained a list from the Texas Department of Public Safety showing driver’s license information is sold to businesses including grocery stores, towing companies, cosmetics companies. The Texas station even found a traveling circus on the list.
What’s most troubling is that some of those companies that bought citizens’ information, such as Equifax, have been hacked.
Caroline Branca’s 16-year-old son Philip, who just received his driver’s license, is joining millions of other Texans whose personal information will be sold for a profit. She wasn’t aware that information was being sold.
“We do what we can to protect our information, and I want our government to do what it should be doing to protect our information as well, and my sons,” said Branca.
In 2015, a state appeals court declared the date of birth of “every living person” is not public information because it creates the risk of you becoming the victim of identity theft.
Cybersecurity experts say if a hacker gets your DOB it’s much easier to obtain your social security number and target your finances.
“The DOB is very, very important to an attacker because now he can put parts of the puzzle together,” says cybersecurity expert George Sprague. “Once he has that puzzle together, he has you as a person.”
At that point, the hacker can open up credit cards, cell phones, and loans – all under your identity.
“I think first and foremost we should not allow the state to sell that information,” said State Rep. Giovanni Capriglione, R-Keller, author of the Texas Cyber Security Act which became law earlier this year. The law is aimed at ensuring state agencies are good stewards of your private data.
Capriglione was very clear when asked if he believes the state of Texas should sell everyone’s dates of birth, even when they say it’s not public. “No, that would be hypocritical, right. The state should not be selling something that they’re now saying that the rest of the world can’t do,” said Capriglione.
Next legislative session Capriglione says he’ll ask the legislature to consider changing the way it handles who can and cannot have access to date of birth records.
Currently, the state does not allow an individual to opt out of their information being sold. Capriglione says he hopes to look at allowing people to do that.
KXAN asked DPS for any records showing any breaches of its driver’s license data or any violations of the Texas Motor Vehicle Records Disclosure Act–the agency said it has none.
DPS did tell KXAN its last completed audit consisted of about 500 companies that purchased the information, but that audit was more than four years ago, and the agency has yet to release it.
As for those who’ve bought personal data, their names are available here.
Never miss another Facebook post from 8News
Find 8News on Twitter, Facebook, and Instagram; send your news tips to iReport8@wric.com.