One Year, No Warning: TADTS Breach Exposes Biometric and Financial Data of 748K+

TADTS under scrutiny for delayed breach notification as ransomware group leaks trove of sensitive personal data, igniting legal backlash and public outrage.

Texas Alcohol & Drug Testing Service Reveals Massive Breach One Year Later
748,763 Individuals Exposed, BianLian Ransomware Behind Attack, Legal Action Looms

MAG212NEWS | July 22, 2025

In a stunning revelation that has sent shockwaves across Texas and the national cybersecurity landscape, the Texas Alcohol & Drug Testing Service (TADTS) admitted this month that it suffered a major ransomware attack in July 2024—exposing the personal information of approximately 748,763 individuals.

Even more troubling than the breach itself is the timeline: the company waited a full year to notify the public, leaving hundreds of thousands vulnerable to identity theft, scams, and financial exploitation without any early warning or mitigation support.

“This is a textbook case of corporate negligence,” said Ava Romero, a cybersecurity attorney with the Texas Data Justice Project. “Not only did TADTS fail to prevent a breach, they withheld critical information from victims who could’ve taken steps to protect themselves.”

Five Days of Undetected Intrusion

The attack began on or around July 15, 2024, when threat actors from the BianLian ransomware group infiltrated the company’s network. According to internal forensic analysis, the hackers remained undetected for five full days, collecting and exfiltrating sensitive records.

The compromised data includes:

• Full names
• Social Security numbers
• Passport and driver’s license numbers
• Bank account and routing information
• Biometric data (fingerprints, signatures)
• Health insurance files
• Email addresses and login credentials

Cybersecurity researchers estimate that hundreds of gigabytes were stolen and later leaked on the dark web in multiple data dumps beginning in late 2024.

No Credit Monitoring or Support

Despite the magnitude of the breach, TADTS has not offered victims credit monitoring, identity theft protection, or any other form of remediation—prompting intense backlash from privacy advocates and attorneys.

“It’s unconscionable that this organization sat on this breach for 12 months,” said Michael Lin, a digital forensics expert with InfoGuard Solutions. “This wasn’t just a technical oversight—it’s a systemic failure that enabled long-term harm.”

Legal Fallout and Class Action Investigation

Several national law firms, including Levinson & Carter LLP, have launched investigations into whether TADTS violated federal and state breach notification laws. A potential class-action lawsuit could see the company held liable for failing to protect consumer data and delaying notification far beyond industry norms.

National Implications

The incident highlights the growing danger posed by ransomware groups like BianLian, which have increasingly targeted healthcare, testing, and government service providers. Experts warn that poor cyber hygiene and delayed transparency are enabling such attacks to have multi-year impacts on victims.

“We are seeing real-world consequences—denied loans, fraudulent tax filings, even impersonation in legal proceedings,” said Nina Caldwell, a privacy rights advocate in Austin. “This breach isn’t just numbers on a server. It’s a human tragedy unfolding quietly.”