A review of Texas Attorney General breach reports has identified 25 data security incidents involving law firms and legal service providers. These breaches have collectively exposed the personal information of 168,147 Texans.
While some of the affected firms are based outside of Texas, the incidents impacted Texas residents, triggering reporting requirements under Texas law. Data is current through Jun 18, 2026.
Texas Law Firm Breaches (2026)
Interactive Tracker
Texas Law Firm Breaches: 2026 OAG Reports
Texans affected by 2026 breach notices from law firms and legal-service providers, by month
Show largest 2026 law firm breach reports
| Entity | Published | Texans affected | Sector |
|---|---|---|---|
| Sprouse Shrader Smith PLLC | May 5, 2026 | 17,666 | Healthcare / Medical |
| Fried, Frank, Harris, Shriver & Jacobson LLP | Mar 9, 2026 | 16,724 | Healthcare / Medical |
| Williams Hart & Boundas, LLP | Mar 18, 2026 | 7,844 | Healthcare / Medical |
| Modjarrad & Associates, PC d/b/a MAS Law | Jun 1, 2026 | 6,220 | Healthcare / Medical |
| Dykema Gossett PLLC | May 28, 2026 | 6,132 | Healthcare / Medical |
Source: Texas Attorney General - Data Security Breach Reports, industry-filtered. Data current through Jul 10, 2026.
Sources
State AG breach portals
State AG reporting & notices
Notable Texas Law Firm Notices
| Organization | Texans Affected | Date Published |
|---|---|---|
| Sprouse Shrader Smith PLLC | 17,666 | May 5, 2026 |
| Fried, Frank, Harris, Shriver & Jacobson LLP | 16,724 | Mar 9, 2026 |
| Williams Hart & Boundas, LLP | 7,844 | Mar 18, 2026 |
| Modjarrad & Associates, PC d/b/a MAS Law | 6,220 | Jun 1, 2026 |
| Dykema Gossett PLLC | 6,132 | May 28, 2026 |
Largest Law Firm-Related Breaches (Aug 2025+)
Several major incidents stand out due to the high number of Texans affected:
Law-Firm / Legal-Service Breach Reports
A filtered review of the Texas OAG Data Security Breach Reports database found likely law-firm or legal-service entities in published breach notices from Aug 1, 2025 through Jul 10, 2026.
Largest Reported Breaches
All Listed Law-Firm / Legal-Service Entries
| Law Firm / Legal Entity | Location | Texans Affected | Date Published |
|---|---|---|---|
| Martin Showers Smith & McDonald LLP | Hillsboro, Texas | 457 | Aug 29, 2025 |
| Williams Hart & Boundas, LLP | Houston, Texas | 334 | Sep 22, 2025 |
| Sheheen, Hancock & Godwin, LLP. | Camden, South Carolina | 416 | Sep 26, 2025 |
| Wear, Howell, Strickland, Quinn and Law, LLC | Decatur, Alabama | 676 | Oct 7, 2025 |
| Mehri & Skalet, PLLC | Washington, DC, District of Columbia | 505 | Oct 27, 2025 |
| Thompson & Horton LLP | Houston, Texas | 41,222 | Oct 30, 2025 |
| Pillsbury Winthrop Shaw Pitman LLP | Los Angeles, California | 39,573 | Nov 7, 2025 |
| Mehri & Skalet, PLLC | Washington, District of Columbia | 3,210 | Nov 21, 2025 |
| TorHoerman Law, LLC | Edwardsville, Illinois | 710 | Dec 19, 2025 |
| Herrman & Herrman PLLC | Dallas, Texas | 13,424 | Dec 22, 2025 |
| Foley & Lardner LLP | Milwaukee, Wisconsin | 876 | Dec 29, 2025 |
| The Reecer Law Firm PLLC | Denton, Texas | 897 | Jan 27, 2026 |
| Wisner Baum LLP | Los Angeles, California | 3,154 | Jan 27, 2026 |
| Fried, Frank, Harris, Shriver & Jacobson LLP | New York, New York | 16,724 | Mar 9, 2026 |
| Gearhiser, Peters, Elliott & Cannon, PLLC | Chattanooga, Tennessee | 3,717 | Mar 17, 2026 |
| Williams Hart & Boundas, LLP | Houston, Texas | 7,844 | Mar 18, 2026 |
| Law Office of Michael R. De La Paz | San Antonio, Texas | 2,000 | Apr 13, 2026 |
| Rodenburg Law Firm | Fargo, North Dakota | 606 | Apr 24, 2026 |
| Martin & Cukjati, LLP | San Antonio, Texas | 897 | May 5, 2026 |
| Sprouse Shrader Smith PLLC | Amarillo, Texas | 17,666 | May 5, 2026 |
| Berger & Williams, LLP | San Diego, California | 312 | May 6, 2026 |
| Dykema Gossett PLLC | Detroit, Michigan | 6,132 | May 28, 2026 |
| Modjarrad & Associates, PC d/b/a MAS Law | Richardson, Texas | 6,220 | Jun 1, 2026 |
| Tarter Krinsky & Drogin LLP | New York, New York | 325 | Jun 9, 2026 |
| The Carlson Law Firm | Killeen, Texas | 250 | Jun 18, 2026 |
| Spencer & Associates Therapeutic Alliance, PLLC | Houston, Texas | 405 | Jun 26, 2026 |
| The Law Offices of Rakesh Mehrotra | Reston, Virginia | 1,029 | Jul 10, 2026 |
Primary data: Texas OAG Data Security Breach Reports. Entities filtered as likely law firms/legal services by organization name. Data current through Jul 10, 2026. The OAG does not consistently identify attack methods.
Sources
State AG breach portals
State AG reporting & notices
Federal registries
Breach databases & aggregators
News & analysis
These five incidents alone account for a significant portion of the total Texans impacted by law firm-related breaches.
Washington Law Firm Breaches (2026)
No Washington AG breach notices in our current dataset matched law-firm or legal-service entity filters for 2026. Monitor the Washington AG breach notifications page for new filings.
Notable Washington Law Firm Notices
| Organization | Washingtonians Affected | Date Published |
|---|---|---|
| — | — | — |
California AG List (No Affected Counts)
California publishes incident names without resident totals. 8 likely law-firm or legal-service entries were reported in 2026 through Jul 2, 2026:
- Rodenburg Law Firm — Jul 2, 2026
- Pearlman, Brown & Wax LLP — Jun 9, 2026
- Fong, Ko & Associates LLP — Jun 1, 2026
- Berger & Williams, LLP — May 5, 2026
- Dubroff, Easley, & Lovell, LLP — Mar 25, 2026
- Fried, Frank, Harris, Shriver & Jacobson LLP — Mar 6, 2026
- Fried, Frank, Harris, Shriver & Jacobson LLP — Jan 30, 2026
- Wisner Baum LLP — Jan 23, 2026
Why Law Firms Are Being Targeted
Law firms are attractive targets for cybercriminals because they hold highly sensitive client data, including:
- Financial and banking information
- Personal identifying information (SSNs, driver’s licenses)
- Medical records
- Privileged attorney-client communications
A breach at a law firm can have serious consequences, including potential violations of professional responsibility rules and loss of client trust.
Key Observations
- 25 unique law firms/legal entities have been impacted
- Multiple firms appear more than once in the reports (e.g., Mehri & Skalet, PLLC and Williams Hart & Boundas, LLP)
- Breaches span from August 2025 through Jul 10, 2026
- Both large national firms and smaller regional firms have been affected
Recommendations for Texas Law Firms
Given the rising number of incidents, Texas law firms should prioritize the following:
- Conduct regular cybersecurity risk assessments
- Implement multi-factor authentication across all systems
- Review and strengthen vendor and third-party risk management
- Provide ongoing security awareness training for all staff
- Maintain a documented and tested incident response plan
Related trackers
- Texas OAG YTD dashboard
- Washington law firm breaches (2026)
- Healthcare AG breach tracker
- Financial services tracker
- Hospitality & retail tracker
- Washington healthcare breaches (2026)
- CA July roundup
- TX July roundup
- WA May roundup
- TX Parks breach
- Have I Been Pwned
- HIBP July roundup
- HHS OCR July roundup
- Monitoring guide
- All trackers