Back to news
Cybersecurity Alert
May 12, 2026 by EmailMeNow IT Consulting

27 Law Firm Data Breaches Reported in Texas: Over 169,581 Texans Affected

A review of Texas OAG breach reports reveals 27 incidents involving law firms and legal service providers, affecting more than 169,581 Texans since August 2025.

Source: Texas Office of the Attorney General Data Security Breach Reports

Law FirmsData BreachCybersecurityTexasWashingtonCaliforniaProfessional Responsibility
Law firm cybersecurity breach concept with digital documents and warning icons

Video explainer

A review of Texas Attorney General breach reports has identified 25 data security incidents involving law firms and legal service providers. These breaches have collectively exposed the personal information of 168,147 Texans.

While some of the affected firms are based outside of Texas, the incidents impacted Texas residents, triggering reporting requirements under Texas law. Data is current through Jun 18, 2026.

Texas Law Firm Breaches (2026)

Interactive Tracker

Texas Law Firm Breaches: 2026 OAG Reports

Texans affected by 2026 breach notices from law firms and legal-service providers, by month

Data current through Jul 10, 2026
2026 YTD reports 16
Texans affected 68.2K
Largest report 17.7K
Jan
4.1K
Mar
28.3K
Apr
2.6K
May
25K
Jun
7.2K
Jul MTD
1K
Show largest 2026 law firm breach reports
Entity Published Texans affected Sector
Sprouse Shrader Smith PLLC May 5, 2026 17,666 Healthcare / Medical
Fried, Frank, Harris, Shriver & Jacobson LLP Mar 9, 2026 16,724 Healthcare / Medical
Williams Hart & Boundas, LLP Mar 18, 2026 7,844 Healthcare / Medical
Modjarrad & Associates, PC d/b/a MAS Law Jun 1, 2026 6,220 Healthcare / Medical
Dykema Gossett PLLC May 28, 2026 6,132 Healthcare / Medical

Source: Texas Attorney General - Data Security Breach Reports, industry-filtered. Data current through Jul 10, 2026.

Sources

State AG breach portals

State AG reporting & notices

Notable Texas Law Firm Notices

OrganizationTexans AffectedDate Published
Sprouse Shrader Smith PLLC17,666May 5, 2026
Fried, Frank, Harris, Shriver & Jacobson LLP16,724Mar 9, 2026
Williams Hart & Boundas, LLP7,844Mar 18, 2026
Modjarrad & Associates, PC d/b/a MAS Law6,220Jun 1, 2026
Dykema Gossett PLLC6,132May 28, 2026

Several major incidents stand out due to the high number of Texans affected:

Law-Firm / Legal-Service Breach Reports

A filtered review of the Texas OAG Data Security Breach Reports database found likely law-firm or legal-service entities in published breach notices from Aug 1, 2025 through Jul 10, 2026.

27 Likely Legal-Sector Reports
25 Unique Legal Entities
169,581 Texans Affected

Largest Reported Breaches

Thompson & Horton LLP
41,222
Pillsbury Winthrop Shaw Pitman LLP
39,573
Sprouse Shrader Smith PLLC
17,666
Fried, Frank, Harris, Shriver & Jacobson LLP
16,724
Herrman & Herrman PLLC
13,424

All Listed Law-Firm / Legal-Service Entries

Law Firm / Legal Entity Location Texans Affected Date Published
Martin Showers Smith & McDonald LLP Hillsboro, Texas 457 Aug 29, 2025
Williams Hart & Boundas, LLP Houston, Texas 334 Sep 22, 2025
Sheheen, Hancock & Godwin, LLP. Camden, South Carolina 416 Sep 26, 2025
Wear, Howell, Strickland, Quinn and Law, LLC Decatur, Alabama 676 Oct 7, 2025
Mehri & Skalet, PLLC Washington, DC, District of Columbia 505 Oct 27, 2025
Thompson & Horton LLP Houston, Texas 41,222 Oct 30, 2025
Pillsbury Winthrop Shaw Pitman LLP Los Angeles, California 39,573 Nov 7, 2025
Mehri & Skalet, PLLC Washington, District of Columbia 3,210 Nov 21, 2025
TorHoerman Law, LLC Edwardsville, Illinois 710 Dec 19, 2025
Herrman & Herrman PLLC Dallas, Texas 13,424 Dec 22, 2025
Foley & Lardner LLP Milwaukee, Wisconsin 876 Dec 29, 2025
The Reecer Law Firm PLLC Denton, Texas 897 Jan 27, 2026
Wisner Baum LLP Los Angeles, California 3,154 Jan 27, 2026
Fried, Frank, Harris, Shriver & Jacobson LLP New York, New York 16,724 Mar 9, 2026
Gearhiser, Peters, Elliott & Cannon, PLLC Chattanooga, Tennessee 3,717 Mar 17, 2026
Williams Hart & Boundas, LLP Houston, Texas 7,844 Mar 18, 2026
Law Office of Michael R. De La Paz San Antonio, Texas 2,000 Apr 13, 2026
Rodenburg Law Firm Fargo, North Dakota 606 Apr 24, 2026
Martin & Cukjati, LLP San Antonio, Texas 897 May 5, 2026
Sprouse Shrader Smith PLLC Amarillo, Texas 17,666 May 5, 2026
Berger & Williams, LLP San Diego, California 312 May 6, 2026
Dykema Gossett PLLC Detroit, Michigan 6,132 May 28, 2026
Modjarrad & Associates, PC d/b/a MAS Law Richardson, Texas 6,220 Jun 1, 2026
Tarter Krinsky & Drogin LLP New York, New York 325 Jun 9, 2026
The Carlson Law Firm Killeen, Texas 250 Jun 18, 2026
Spencer & Associates Therapeutic Alliance, PLLC Houston, Texas 405 Jun 26, 2026
The Law Offices of Rakesh Mehrotra Reston, Virginia 1,029 Jul 10, 2026

Primary data: Texas OAG Data Security Breach Reports. Entities filtered as likely law firms/legal services by organization name. Data current through Jul 10, 2026. The OAG does not consistently identify attack methods.

Sources

These five incidents alone account for a significant portion of the total Texans impacted by law firm-related breaches.

Washington Law Firm Breaches (2026)

No Washington AG breach notices in our current dataset matched law-firm or legal-service entity filters for 2026. Monitor the Washington AG breach notifications page for new filings.

Notable Washington Law Firm Notices

OrganizationWashingtonians AffectedDate Published

California AG List (No Affected Counts)

California publishes incident names without resident totals. 8 likely law-firm or legal-service entries were reported in 2026 through Jul 2, 2026:

  • Rodenburg Law Firm — Jul 2, 2026
  • Pearlman, Brown & Wax LLP — Jun 9, 2026
  • Fong, Ko & Associates LLP — Jun 1, 2026
  • Berger & Williams, LLP — May 5, 2026
  • Dubroff, Easley, & Lovell, LLP — Mar 25, 2026
  • Fried, Frank, Harris, Shriver & Jacobson LLP — Mar 6, 2026
  • Fried, Frank, Harris, Shriver & Jacobson LLP — Jan 30, 2026
  • Wisner Baum LLP — Jan 23, 2026

Why Law Firms Are Being Targeted

Law firms are attractive targets for cybercriminals because they hold highly sensitive client data, including:

  • Financial and banking information
  • Personal identifying information (SSNs, driver’s licenses)
  • Medical records
  • Privileged attorney-client communications

A breach at a law firm can have serious consequences, including potential violations of professional responsibility rules and loss of client trust.

Key Observations

  • 25 unique law firms/legal entities have been impacted
  • Multiple firms appear more than once in the reports (e.g., Mehri & Skalet, PLLC and Williams Hart & Boundas, LLP)
  • Breaches span from August 2025 through Jul 10, 2026
  • Both large national firms and smaller regional firms have been affected

Recommendations for Texas Law Firms

Given the rising number of incidents, Texas law firms should prioritize the following:

  • Conduct regular cybersecurity risk assessments
  • Implement multi-factor authentication across all systems
  • Review and strengthen vendor and third-party risk management
  • Provide ongoing security awareness training for all staff
  • Maintain a documented and tested incident response plan