To compound the mistake, personnel in Combs' office then put the information onto a server that was accessible to the public and left it there for an extended period, without purging it as required, the statement said.

The mistake was finally discovered on March 31, more than 10 months after the files were put on the server. Since then, public access to the files have been shut off and the data itself been removed from the server. The exposed information was "embedded in a chain of numbers and not in separate fields," the statement noted.

Though Combs' office noted that there is no indication that the exposed data has been misused, a warned of a fraudulent call received by a state employee following the breach.

"Unfortunately, the Attorney General's Office has learned that Texans affected by the Internet security breach may now be the targets of a new telephone scam," Abbott said. He asked affected victims to be extra vigilant against fraud.

Abbott's office is currently conducting an investigation into the breach.