Public-sector and education organizations hold payroll data, student records, benefits information, and credentials for large populations. State AG breach portals show cities, counties, school districts, and universities filing 2026 notices in Texas, Washington, and California — often after vendor or benefits-administration incidents.
Texas Government & Education Breaches (2026)
Interactive Tracker
Texas Government & Education Breaches: 2026 OAG Reports
Texans affected by 2026 breach notices from cities, counties, schools, and universities, by month
Show largest 2026 government and education breach reports
| Entity | Published | Texans affected | Sector |
|---|---|---|---|
| Texas Parks and Wildlife | Jun 26, 2026 | 3,087,721 | PII / Identity |
| Texas Tech University Health Sciences Center | Apr 27, 2026 | 738,506 | Healthcare / Medical |
| Columbia University | May 20, 2026 | 161,544 | Healthcare / Medical |
| Denton County MHMR Center, My Health, My Resources | Jan 5, 2026 | 56,872 | Healthcare / Medical |
| Alamo Heights Independent School District | Jun 22, 2026 | 26,629 | Healthcare / Medical |
Source: Texas Attorney General - Data Security Breach Reports, industry-filtered. Data current through Jul 1, 2026.
Sources
State AG breach portals
State AG reporting & notices
Notable Texas Public-Sector Notices
| Organization | Texans Affected | Date Published |
|---|---|---|
| Texas Parks and Wildlife | 3,087,721 | Jun 26, 2026 |
| Texas Tech University Health Sciences Center | 738,506 | Apr 27, 2026 |
| Columbia University | 161,544 | May 20, 2026 |
| Denton County MHMR Center, My Health, My Resources | 56,872 | Jan 5, 2026 |
| Alamo Heights Independent School District | 26,629 | Jun 22, 2026 |
For Texas school districts specifically, see our Texas ISD ransomware tracker.
Washington Government & Education Breaches (2026)
Interactive Tracker
Washington Government & Education Breaches: 2026 AG Reports
Washingtonians affected by 2026 breach notices from cities, counties, schools, and universities, by month
Show largest 2026 Washington government and education breach reports
| Entity | Published | Washingtonians affected | Sector |
|---|---|---|---|
| Grandview School District | Jun 15, 2026 | 9,414 | Healthcare / Medical |
| The Trustees of the University of Pennsylvania | Apr 15, 2026 | 5,878 | Other |
| Gay & Lesbian Community Services Center of Orange County Inc | Jun 5, 2026 | 1,249 | Financial |
| Lakewood School District | May 29, 2026 | 1,006 | Financial |
| Texas Tech University Health Sciences Center | Apr 9, 2026 | 511 | Healthcare / Medical |
Source: Washington State Attorney General - Data Breach Notifications, industry-filtered. Data current through Jun 15, 2026.
Sources
State AG breach portals
Notable Washington Public-Sector Notices
| Organization | Washingtonians Affected | Date Published |
|---|---|---|
| Navia Benefit Solutions, Inc. (City of Bellevue) | 319,208 | Mar 18, 2026 |
| The Trustees of the University of Pennsylvania | 5,878 | Apr 15, 2026 |
| Lakewood School District | 1,006 | May 29, 2026 |
| Strategic Education Inc. | 14,112 | Jun 1, 2026 |
The City of Bellevue notice through Navia Benefit Solutions is the largest Washington AG filing so far in 2026 — a reminder that municipal benefits vendors can drive public-sector breach counts.
California AG List (No Affected Counts)
California publishes incident names without resident totals. Recent 2026 government and education entries include:
- Los Angeles County Department of Public Social Services — Jun 12, 2026
- Bellflower Unified School District — Jun 12, 2026
- Sacramento County — May 22, 2026
- City of Port Hueneme — May 15, 2026
- Lansing Community College — Jun 5, 2026
Why This Matters
Public-sector organizations face HB 3834 training mandates in Texas, FERPA obligations for schools, and increasing ransomware pressure on under-resourced IT teams. Vendor breaches — especially benefits and payroll administrators — can expose employee and student data across state lines.
Recommendations
- Require MFA on email and administrative systems.
- Enforce DMARC, SPF, and DKIM on official domains.
- Document vendor access and incident response contacts.
- Test backup restoration and phishing reporting workflows.
Related trackers
- Texas OAG YTD dashboard
- Healthcare AG breach tracker
- Financial services tracker
- TX Parks & Wildlife breach
- Law firm breach tracker
- Hospitality & retail tracker
- Washington healthcare breaches (2026)
- Washington law firm breaches (2026)
- CA June roundup
- TX July roundup
- WA May roundup
- Have I Been Pwned
- HIBP July roundup
- Monitoring guide
- All trackers