Texas Comptroller Susan Combs said the confidential data -- Social Security numbers, addresses, dates of birth and more -- was vulnerable for about a year when it was stored on a publicly accessible server, the Austin American-Statesman reported Tuesday.
There is no indication the personal information was misused, she said, but a spokesman for Texas Attorney General Greg Abbott said his office and the FBI have opened a criminal investigation.
A spokesman for Combs said it was human error, not a security breach, that caused the problem and that the people responsible have been fired.
"We absolutely regret that this happened," spokesman R.J. DeSilva said. "It won't happen again."
The comptroller's office said it would begin sending notifications Wednesday to those affected.