California’s Attorney General added 4 new data breach notices to its public list on June 30, 2026, according to the California AG Data Breach List.
Unlike Texas and Washington, California’s public list does not publish a residents-affected count — so this roundup tracks incident visibility and reporting dates, not population impact. For affected-resident totals, see our Texas OAG breach tracker.
June month-to-date now totals 42 notices on the California list through June 30, 2026.
Notices Reported June 30, 2026
| Organization | Breach Date(s) | Reported | Report |
|---|---|---|---|
| Glucobit Inc. (Reframe app) | 05/01/2026 | 06/30/2026 | Deep dive |
| Kubota North America Corporation | 03/16/2026, 04/20/2026 | 06/30/2026 | Deep dive |
| Monmouth University | 02/05/2026, 02/13/2026 | 06/30/2026 | Deep dive |
| North Los Angeles County Regional Center | 11/20/2024 | 06/30/2026 | Deep dive |
California lists breach dates separately from reported dates — NLACRC’s November 2024 intrusion did not appear on the public AG list until June 2026, more than a year after client notification letters went out.
Sector Highlights
Mobile Health — Glucobit / Reframe
Glucobit Inc., maker of the Reframe alcohol-reduction app, says user-uploaded personal information was downloaded from a single internal system on May 1, 2026. See the full Glucobit / Reframe breach report with domain audits for joinreframeapp.com and glucobit.com.
Manufacturing — Kubota North America
Kubota North America Corporation disclosed a five-week network intrusion exposing employee and dependent HR files — including SSNs and direct-deposit data. See the Kubota breach report.
Higher Education — Monmouth University
Monmouth University filed February 2026 breach dates after the PEAR ransomware group claimed 16 TB of exfiltrated data. See the Monmouth University breach report — notable because monmouth.edu scores 87% on email security while campus systems were still compromised.
Regional Center — NLACRC
North Los Angeles County Regional Center serves clients with developmental disabilities. Its November 2024 ransomware incident copied SSNs, medical records, and photos before encrypting systems. See the NLACRC breach report.
Independent Cybersecurity Audits
EmailMeNow domain audits on June 30, 2026 scored 6 filer domains in this batch.
4 of 6 show 15% Transport Security or below — a recurring gap that makes spoofed breach-notification email easier to deliver.
Monmouth University (monmouth.edu) leads at 87% overall; Glucobit Inc. (Reframe app) (joinreframeapp.com) scores 48%.
Pattern: Scores below the 100% ideal on identity or transport still leave room for spoofed incident-response email — even when website headers score higher.
| Organization | Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|---|
| Glucobit Inc. (Reframe app) | joinreframeapp.com | 48% | 35% | 15% | 45% | Below Average |
| Glucobit Inc. (Reframe app) | glucobit.com | 51% | 50% | 15% | 45% | Average |
| Kubota North America Corporation | kubotausa.com | 56% | 35% | 15% | 70% | Average |
| Kubota North America Corporation | kubota.com | 52% | 45% | 15% | 45% | Average |
| Monmouth University | monmouth.edu | 87% | 90% | 70% | 92% | Strong |
| North Los Angeles County Regional Center | nlacrc.org | 66% | 75% | 45% | 45% | Above Average |
Audit links: joinreframeapp.com · glucobit.com · kubotausa.com · kubota.com · monmouth.edu · nlacrc.org
Related trackers
- All state AG trackers
- Texas OAG YTD dashboard
- California AG breach list
- Washington AG tracker
- Healthcare AG breach tracker
- Washington healthcare breaches (2026)
- Washington law firm breaches (2026)
- CA June roundup
- TX July roundup
- WA May roundup
- TX Parks breach
- Have I Been Pwned
- HIBP July roundup
- Monitoring guide
Source: California AG — Data Breach List