Through a state website, the group obtained the licenses with Asian names to sell to undocumented immigrants, predominantly from China, aiming to impersonate the victims. Asian Americans in Texas are angered after officials revealed this week that thousands of Asians statewide may be impacted by identity theft orchestrated through a website that involved using personal information to answer security questions.
The state’s Department of Public Safety had unknowingly sent an estimated 3,000 driver’s licenses to an organized crime group that targeted Asians in the state, DPS director Steve McCraw told a Texas House committee on Monday. The incident, which is currently under investigation, was discovered in December, McCraw said, and the department has begun to notify victims by mail this week.
With no warning about the incident for months, Asian Americans say they’re disappointed in the DPS’s response and feel they’ve been kept in the dark. “It really goes to show that our state government does not see us and does not care about us and does not prioritize our welfare,” Lily Trieu, executive director of Asian Texans for Justice, told NBC News. DPS did not respond to NBC News’ request for comment.
McCraw did not reveal the name of the organization, but told the Texas House Appropriations Committee that a New York-based Chinese organized crime group had obtained the licenses with Asian names to sell to undocumented immigrants, predominantly from China, in hopes of impersonating the victims. He added that with the licenses, impersonators could go on to obtain additional supporting identification documents featuring their own photos.
Using personal information of the victims obtained from “the dark web,” or websites hidden by traditional surface browsers, the group was able to answer security questions on the state’s Texas.gov website, McCraw said. The questions have since been removed from the website. “The identity questions could be something you may have shared with a credit card company or something like your mother’s maiden name, your first vehicle that you ever had, your favorite sport,” McCraw said. “[They] use those questions to be able to get into and purchase a replacement driver’s license on Asian-sounding names. And from that, get a replacement driver’s license sent to an address of their choosing.”
Prompted by questioning from State Rep. Mary Gonzalez, vice chair of the committee, McCraw said that victims’ identifications could have been used during the months in which they had not been notified. He said that DPS did not alert victims right away because the department “opted to conduct a thorough investigation” before making the information public. McCraw also said he didn’t see it as a “breach,” saying the criminal organization did not hack into the website. Rather, the group discovered a “vulnerability” and exploited it, he said.
Brittney Booth Paylor, director of media and government relations at the Texas Department of Information Resources, echoed McCraw’s language in a statement provided to NBC News. “This is fraudulent criminal activity based on identity theft unrelated to state systems, not a cybersecurity incident. No state systems, including the state’s portal, were hacked or breached,” Paylor wrote in the statement.