AUSTIN (KXAN) — Identity theft hit an all-time high in 2016 with about 1 in every 16 U.S. adults being a victim according to one recent study. But it’s not always hackers trolling the dark web who are the biggest threat to your personal data being released.
A KXAN Investigation discovered it’s our own state government that’s giving out the most important key to unlocking the rest of your personal information. And it’s an easy cash stream for the state, bringing in $2.7 million since 2010.
The state statutes are conflicting when it comes to protecting a Texans date of birth. One law says your DOB is sensitive information not to be released because of the risk of identity theft. But other laws allow Texas agencies, namely DPS and the Secretary of State – to sell your name, address and date of birth. DPS has made $1.9 million in the sale of personal information and the Secretary of State has made nearly $720,000.
Texas law allows anyone to buy voter registration records. Driver’s license records can be purchased by a wide range of people and companies for uses including “the normal course of business.”
KXAN obtained a list from the Texas Department of Public Safety showing driver’s license information is sold to businesses including grocery stores, towing companies, cosmetics companies; we even found a traveling circus on the list. What’s troubling is that some of those companies that bought your info, such as Equifax, have been hacked.
Caroline Branca’s 16-year-old son Philip, who just received his driver’s license, is joining millions of other Texans whose personal information will be sold for a profit. She wasn’t aware that information was being sold.
“We do what we can to protect our information, and I want our government to do what it should be doing to protect our information as well, and my sons,” said Branca.
In 2015, a state appeals court declared the date of birth of “every living person” is not public information because it creates the risk of you becoming the victim of identity theft.
Cyber security experts say if a hacker gets your DOB it’s much easier to obtain your social security number and target your finances.
“The DOB is very, very important to an attacker because now he can put parts of the puzzle together,” says cyber security expert George Sprague. “Once he has that puzzle together, he has you as a person.”
At that point, the hacker can open up credit cards, cellphones and loans – all under your identity.
“I think first and foremost we should not allow the state to sell that information,” said State Rep. Giovanni Capriglione, R-Keller, author of the Texas Cyber Security Act which became law earlier this year. The law is aimed at ensuring state agencies are good stewards of your private data.
Capriglione was very clear when asked if he believes the state of Texas should sell everyone’s dates of birth, even when they say it’s not public. “No, that would be hypocritical, right. The state should not be selling something that they’re now saying that the rest of the world can’t do,” said Capriglione.
Next legislative session Capriglione says he’ll ask the legislature to consider changing the way it handles who can and cannot have access to date of birth records.
Currently, the state does not allow an individual to opt out of their information being sold. Capriglione says he hopes to look at allowing people to do that.
KXAN asked DPS for any records showing any breaches of its driver’s license data or any violations of the Texas Motor Vehicle Records Disclosure Act–the agency said it has none.
DPS did tell KXAN its last completed audit consisted of about 500 companies that purchased the information, but that audit was more than four years ago, and the agency has yet to release it to us.
As for those who’ve bought your personal data, we’ve put their names here.