Back to news
Cybersecurity Alert
June 14, 2026 by EmailMeNow IT Consulting

Hospitality & Retail Breaches in State AG Reports: Carnival, Caesars, and More

Hotels, casinos, cruise lines, and retailers filed 2026 breach notices in Texas, Washington, and California AG portals — Carnival alone appears in all three states.

Source: State Attorney General Breach Portals

HospitalityRetailData BreachTexasWashingtonCaliforniaState AG
Hospitality and retail data breach tracker across state AG portals in 2026

Hotels, casinos, cruise lines, and restaurant chains collect payment data, loyalty credentials, and personal identifiers from customers nationwide. When breaches trigger multi-state notification laws, the same brand can appear on Texas, Washington, and California Attorney General portals within days.

Carnival Corporation is the clearest 2026 example: 800,060 Texans, 54,960 Washingtonians, and a California AG list entry — all published in May 2026.

Texas Hospitality & Retail Breaches (2026)

Interactive Tracker

Texas Hospitality & Retail Breaches: 2026 OAG Reports

Texans affected by 2026 breach notices from hotels, casinos, restaurants, and retailers, by month

Data current through Jun 18, 2026
2026 YTD reports 9
Texans affected 860.5K
Largest report 800.1K
Feb
5.5K
Mar
1.4K
Apr
52.9K
May
800.1K
Jun
672
Show largest 2026 hospitality and retail breach reports
Entity Published Texans affected Sector
Carnival Corporation May 28, 2026 800,060 Other
Restaurant Management Company of Wichita, Inc. Apr 22, 2026 52,017 Healthcare / Medical
Choice Hotels International, Inc. Feb 20, 2026 2,559 PII / Identity
Ace Mart Restaurant Supply Feb 17, 2026 1,484 Financial
Powerhouse Retail Services Feb 4, 2026 1,480 Healthcare / Medical

Source: Texas Attorney General - Data Security Breach Reports, industry-filtered. Data current through Jun 18, 2026.

Sources

State AG breach portals

State AG reporting & notices

Notable Texas Notices

OrganizationTexans AffectedDate Published
Carnival Corporation800,060May 28, 2026
Restaurant Management Company of Wichita, Inc.52,017Apr 22, 2026
Choice Hotels International, Inc.2,559Feb 20, 2026
Ace Mart Restaurant Supply1,484Feb 17, 2026
Powerhouse Retail Services1,480Feb 4, 2026

Washington Hospitality & Retail Breaches (2026)

Interactive Tracker

Washington Hospitality & Retail Breaches: 2026 AG Reports

Washingtonians affected by 2026 breach notices from hotels, casinos, restaurants, and retailers, by month

Data current through May 27, 2026
2026 YTD reports 4
Washingtonians affected 102.5K
Largest report 55K
Apr
1.6K
May
100.9K
Show largest 2026 Washington hospitality and retail breach reports
Entity Published Washingtonians affected Sector
Carnival Corporation May 27, 2026 54,960 Other
Caesars Entertainment, Inc. May 19, 2026 44,023 PII / Identity
7-Eleven, Inc. May 15, 2026 1,940 PII / Identity
Panera, LLC Apr 16, 2026 1,564 Other

Source: Washington State Attorney General - Data Breach Notifications, industry-filtered. Data current through May 27, 2026.

Sources

Notable Washington Notices

OrganizationWashingtonians AffectedDate Published
Carnival Corporation54,960May 27, 2026
Caesars Entertainment, Inc.44,023May 19, 2026
7-Eleven, Inc.1,940May 15, 2026
Panera, LLC1,564Apr 16, 2026

California AG List (No Affected Counts)

California does not publish resident-affected totals, but the same brands recur:

OrganizationDate Reported
Carnival CorporationMay 27, 2026
Casino, LLC dba Larry Flynt’s Lucky Lady CasinoJun 10, 2026
JC Resorts LLCApr 28, 2026
Wynn Resorts, LimitedApr 3, 2026
Nobu Restaurant Group Holding Company, LLCApr 17, 2026
Madison Square Garden Entertainment Corp.Feb 26, 2026
Choice Hotels International, Inc.Feb 19, 2026
Retail Merchandising ServicesMar 16, 2026

Why This Matters for Operators

Hospitality and retail firms process high volumes of PCI and loyalty data. Weak email authentication enables booking fraud, gift-card scams, and vendor impersonation — common paths to breach notifications.

Recommendations

  • Enforce DMARC, SPF, and DKIM on customer-facing domains.
  • Segment POS and loyalty systems from corporate email.
  • Train front-line and reservations staff on phishing and social engineering.
  • Review third-party booking and payment vendor access.