Back to news
Cybersecurity Alert
June 30, 2026 by EmailMeNow IT Consulting

4 New California AG Breach Notices Published June 30, 2026

California's AG breach list added Glucobit, Kubota, Monmouth University, and NLACRC on June 30, 2026. Independent audits score monmouth.edu at 87% and joinreframeapp.com at 48%. Deep-dive reports with email security scores for each filer.

Source: California Attorney General - Data Breach List

CybersecurityData BreachCaliforniaState AG
California Attorney General data breach notices for June 30, 2026

California’s Attorney General added 4 new data breach notices to its public list on June 30, 2026, according to the California AG Data Breach List.

Unlike Texas and Washington, California’s public list does not publish a residents-affected count — so this roundup tracks incident visibility and reporting dates, not population impact. For affected-resident totals, see our Texas OAG breach tracker.

June month-to-date now totals 42 notices on the California list through June 30, 2026.

Notices Reported June 30, 2026

OrganizationBreach Date(s)ReportedReport
Glucobit Inc. (Reframe app)05/01/202606/30/2026Deep dive
Kubota North America Corporation03/16/2026, 04/20/202606/30/2026Deep dive
Monmouth University02/05/2026, 02/13/202606/30/2026Deep dive
North Los Angeles County Regional Center11/20/202406/30/2026Deep dive

California lists breach dates separately from reported dates — NLACRC’s November 2024 intrusion did not appear on the public AG list until June 2026, more than a year after client notification letters went out.

Sector Highlights

Mobile Health — Glucobit / Reframe

Glucobit Inc., maker of the Reframe alcohol-reduction app, says user-uploaded personal information was downloaded from a single internal system on May 1, 2026. See the full Glucobit / Reframe breach report with domain audits for joinreframeapp.com and glucobit.com.

Manufacturing — Kubota North America

Kubota North America Corporation disclosed a five-week network intrusion exposing employee and dependent HR files — including SSNs and direct-deposit data. See the Kubota breach report.

Higher Education — Monmouth University

Monmouth University filed February 2026 breach dates after the PEAR ransomware group claimed 16 TB of exfiltrated data. See the Monmouth University breach report — notable because monmouth.edu scores 87% on email security while campus systems were still compromised.

Regional Center — NLACRC

North Los Angeles County Regional Center serves clients with developmental disabilities. Its November 2024 ransomware incident copied SSNs, medical records, and photos before encrypting systems. See the NLACRC breach report.

Independent Cybersecurity Audits

EmailMeNow domain audits on June 30, 2026 scored 6 filer domains in this batch. 4 of 6 show 15% Transport Security or below — a recurring gap that makes spoofed breach-notification email easier to deliver. Monmouth University (monmouth.edu) leads at 87% overall; Glucobit Inc. (Reframe app) (joinreframeapp.com) scores 48%.

Pattern: Scores below the 100% ideal on identity or transport still leave room for spoofed incident-response email — even when website headers score higher.

OrganizationDomainOverallIdentityTransportWebsiteRisk
Glucobit Inc. (Reframe app)joinreframeapp.com48%35%15%45%Below Average
Glucobit Inc. (Reframe app)glucobit.com51%50%15%45%Average
Kubota North America Corporationkubotausa.com56%35%15%70%Average
Kubota North America Corporationkubota.com52%45%15%45%Average
Monmouth Universitymonmouth.edu87%90%70%92%Strong
North Los Angeles County Regional Centernlacrc.org66%75%45%45%Above Average

Audit links: joinreframeapp.com · glucobit.com · kubotausa.com · kubota.com · monmouth.edu · nlacrc.org

Source: California AG — Data Breach List