You can change a password and cancel a card. But replacing a passport or driver’s license number every time someone leaves yours unsecured in a vendor database isn’t so easy.

More than three million Texans are facing that problem after a data breach involving a vendor used by the Texas Parks and Wildlife Department (TPWD) to process hunting and fishing licenses.

In an announcement confirming the breach, TPWD says the hackers gained access through the third-party vendor’s systems and exposed personal information belonging to 3,087,721 people. The agency says the exposed data may include driver’s license information, passport numbers, email addresses, phone numbers, and residential addresses.

However, exactly what information was stolen remains unclear.

Conflicting accounts of what was exposed