A review of Texas Attorney General breach reports has identified 21 data security incidents involving law firms and legal service providers. These breaches have collectively exposed the personal information of 155,220 Texans.
While some of the affected firms are based outside of Texas, the incidents impacted Texas residents, triggering reporting requirements under Texas law.
Largest Law Firm-Related Breaches
Several major incidents stand out due to the high number of Texans affected:
Law-Firm / Legal-Service Breach Reports
A filtered review of the Texas OAG Data Security Breach Reports database found likely law-firm or legal-service entities in published breach notices from August 2025 through May 2026.
Largest Reported Breaches
All Listed Law-Firm / Legal-Service Entries
| Law Firm / Legal Entity | Location | Texans Affected | Date Published |
|---|---|---|---|
| Martin Showers Smith & McDonald LLP | Hillsboro, Texas | 457 | Aug 29, 2025 |
| Williams Hart & Boundas, LLP | Houston, Texas | 334 | Sep 22, 2025 |
| Sheheen, Hancock & Godwin, LLP. | Camden, South Carolina | 416 | Sep 26, 2025 |
| Wear, Howell, Strickland, Quinn and Law, LLC | Decatur, Alabama | 676 | Oct 7, 2025 |
| Mehri & Skalet, PLLC | Washington, DC | 505 | Oct 27, 2025 |
| Thompson & Horton LLP | Houston, Texas | 41,222 | Oct 30, 2025 |
| Pillsbury Winthrop Shaw Pitman LLP | Los Angeles, California | 39,573 | Nov 7, 2025 |
| Mehri & Skalet, PLLC | Washington, DC | 3,210 | Nov 21, 2025 |
| TorHoerman Law, LLC | Edwardsville, Illinois | 710 | Dec 19, 2025 |
| Herrman & Herrman PLLC | Dallas, Texas | 13,424 | Dec 22, 2025 |
| Foley & Lardner LLP | Milwaukee, Wisconsin | 876 | Dec 29, 2025 |
| The Reecer Law Firm PLLC | Denton, Texas | 897 | Jan 27, 2026 |
| Wisner Baum LLP | Los Angeles, California | 3,154 | Jan 27, 2026 |
| Fried, Frank, Harris, Shriver & Jacobson LLP | New York, New York | 16,724 | Mar 9, 2026 |
| Gearhiser, Peters, Elliott & Cannon, PLLC | Chattanooga, Tennessee | 3,717 | Mar 17, 2026 |
| Williams Hart & Boundas, LLP | Houston, Texas | 7,844 | Mar 18, 2026 |
| Law Office of Michael R. De La Paz | San Antonio, Texas | 2,000 | Apr 13, 2026 |
| Rodenburg Law Firm | Fargo, North Dakota | 606 | Apr 24, 2026 |
| Martin & Cukjati, LLP | San Antonio, Texas | 897 | May 5, 2026 |
| Sprouse Shrader Smith PLLC | Amarillo, Texas | 17,666 | May 5, 2026 |
| Berger & Williams, LLP | San Diego, California | 312 | May 6, 2026 |
Source: Texas OAG Data Security Breach Reports. Entities filtered as likely law firms/legal services by organization name. The OAG does not consistently identify attack methods.
These five incidents alone account for a significant portion of the total Texans impacted by law firm-related breaches.
Why Law Firms Are Being Targeted
Law firms are attractive targets for cybercriminals because they hold highly sensitive client data, including:
- Financial and banking information
- Personal identifying information (SSNs, driver’s licenses)
- Medical records
- Privileged attorney-client communications
A breach at a law firm can have serious consequences, including potential violations of professional responsibility rules and loss of client trust.
Key Observations
- 19 unique law firms/legal entities have been impacted
- Multiple firms appear more than once in the reports (e.g., Mehri & Skalet, PLLC and Williams Hart & Boundas, LLP)
- Breaches span from mid-2025 through May 2026
- Both large national firms and smaller regional firms have been affected
Recommendations for Texas Law Firms
Given the rising number of incidents, Texas law firms should prioritize the following:
- Conduct regular cybersecurity risk assessments
- Implement multi-factor authentication across all systems
- Review and strengthen vendor and third-party risk management
- Provide ongoing security awareness training for all staff
- Maintain a documented and tested incident response plan
Protect your firm and your clients.
Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your current security posture.
For help building a defensible cybersecurity program tailored for law firms, contact EmailMeNow IT Consulting.
Source: Texas Office of the Attorney General – Data Security Breach Reports