A breach at an unnamed third-party license management vendor contracted by Texas Parks and Wildlife Department exposed personally identifiable information for approximately 3.08 million individuals, including driver’s license numbers and passport numbers. This event is the latest in a documented 30-month pattern of successful attacks against Texas government vendor ecosystems, and the unnamed vendor’s undisclosed identity prevents downstream organizations from assessing shared platform exposure. No software patch applies; remediation is contractual, procedural, and supply chain governance-focused.