Back to news
Cybersecurity Alert
June 13, 2026 by EmailMeNow IT Consulting

California AG Data Breach List: 2026 Incident Tracker

California AG list shows 273 breach notices reported in 2026 through Jun 30, 2026. Incident monitoring without residents-affected totals.

Source: California Attorney General - Data Breach List

CybersecurityData BreachCaliforniaState AG
California Attorney General data breach list tracker for 2026

California maintains a searchable data breach list at the Attorney General’s office. Unlike Texas and Washington, California does not publish a residents-affected count on the public list — so this page focuses on incident visibility and monitoring, not monthly affected-person charts.

California AG data lists 247 sample breach notices with a reported date in 2026 (through Jun 12, 2026), drawn from 5,149 total incidents on the public list. For affected-resident totals, see our Texas OAG breach tracker and Washington AG tracker.

2026 Incident Activity by Month

California publishes incident counts only — not residents affected.

MonthNotices Reported
Jan 202654
Feb 202644
Mar 202645
Apr 202642
May 202646
Jun 202642

Recently Listed Organizations

The most recently reported California AG list entries include:

  1. Monmouth University — reported Jun 30, 2026
  2. North Los Angeles County Regional Center — reported Jun 30, 2026
  3. Glucobit Inc. — reported Jun 30, 2026
  4. Kubota North America Corporation — reported Jun 30, 2026
  5. Sierra Management Group — reported Jun 29, 2026

What California Publishes

The California AG Data Breach List includes reporting organizations, breach dates, and descriptive metadata. It does not include a per-incident Californians affected number on the public list.

That limitation means California is useful for:

  • Spotting newly listed organizations
  • Tracking vendors, partners, or national brands that also serve your clients
  • Editorial monitoring and incident response awareness

It is not suited for the same affected-count bar charts we publish for Texas.

How to Use the Official List

  1. Open the California AG Data Breach List.
  2. Search or browse for organizations you rely on — payroll, cloud, legal, benefits, or IT vendors are common entries.
  3. When a familiar name appears, verify whether the notice affects data you share with that vendor and review your contract, access, and notification obligations.
  4. If you also serve California residents, treat each listing as a prompt to review your own logging, MFA, and incident-response contacts.

Why This Matters

California’s breach-notification volume is among the highest in the country. Organizations that report to the California AG often operate nationally — a listed incident may still affect your Texas clients, vendors, or supply chain.

Professional firms should treat California list entries as early warning signals, not as something that only matters inside California.

Practical Steps

  • Monitor the California list for vendors and partners you rely on.
  • Enforce DMARC, DKIM, and SPF on your domain.
  • Require MFA on email and financial systems.
  • Run recurring security awareness training.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com.