California maintains a searchable data breach list at the Attorney General’s office. Unlike Texas and Washington, California does not publish a residents-affected count on the public list — so this page focuses on incident visibility and monitoring, not monthly affected-person charts.
California AG data lists 247 sample breach notices with a reported date in 2026 (through Jun 12, 2026), drawn from 5,149 total incidents on the public list. For affected-resident totals, see our Texas OAG breach tracker and Washington AG tracker.
2026 Incident Activity by Month
California publishes incident counts only — not residents affected.
| Month | Notices Reported |
|---|---|
| Jan 2026 | 54 |
| Feb 2026 | 44 |
| Mar 2026 | 45 |
| Apr 2026 | 42 |
| May 2026 | 46 |
| Jun 2026 | 42 |
Recently Listed Organizations
The most recently reported California AG list entries include:
- Monmouth University — reported Jun 30, 2026
- North Los Angeles County Regional Center — reported Jun 30, 2026
- Glucobit Inc. — reported Jun 30, 2026
- Kubota North America Corporation — reported Jun 30, 2026
- Sierra Management Group — reported Jun 29, 2026
What California Publishes
The California AG Data Breach List includes reporting organizations, breach dates, and descriptive metadata. It does not include a per-incident Californians affected number on the public list.
That limitation means California is useful for:
- Spotting newly listed organizations
- Tracking vendors, partners, or national brands that also serve your clients
- Editorial monitoring and incident response awareness
It is not suited for the same affected-count bar charts we publish for Texas.
How to Use the Official List
- Open the California AG Data Breach List.
- Search or browse for organizations you rely on — payroll, cloud, legal, benefits, or IT vendors are common entries.
- When a familiar name appears, verify whether the notice affects data you share with that vendor and review your contract, access, and notification obligations.
- If you also serve California residents, treat each listing as a prompt to review your own logging, MFA, and incident-response contacts.
Why This Matters
California’s breach-notification volume is among the highest in the country. Organizations that report to the California AG often operate nationally — a listed incident may still affect your Texas clients, vendors, or supply chain.
Professional firms should treat California list entries as early warning signals, not as something that only matters inside California.
Practical Steps
- Monitor the California list for vendors and partners you rely on.
- Enforce DMARC, DKIM, and SPF on your domain.
- Require MFA on email and financial systems.
- Run recurring security awareness training.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com.