Call +1 (979) 282-5845
Back to news
Cybersecurity Alert
May 12, 2026 by EmailMeNow IT Consulting

21 Law Firm Data Breaches Reported in Texas: Over 155,000 Texans Affected

A review of Texas OAG breach reports reveals 21 incidents involving law firms and legal service providers, affecting more than 155,000 Texans since August 2025.

Source: Texas Office of the Attorney General Data Security Breach Reports

Law FirmsData BreachCybersecurityTexasProfessional Responsibility
Law firm cybersecurity breach concept with digital documents and warning icons

A review of Texas Attorney General breach reports has identified 21 data security incidents involving law firms and legal service providers. These breaches have collectively exposed the personal information of 155,220 Texans.

While some of the affected firms are based outside of Texas, the incidents impacted Texas residents, triggering reporting requirements under Texas law.

Several major incidents stand out due to the high number of Texans affected:

Law-Firm / Legal-Service Breach Reports

21 Likely Legal-Sector Reports
19 Unique Legal Entities
155,220 Texans Affected

Largest Reported Breaches

Thompson & Horton LLP
41,222
Pillsbury Winthrop Shaw Pitman LLP
39,573
Sprouse Shrader Smith PLLC
17,666
Fried, Frank, Harris, Shriver & Jacobson LLP
16,724
Herrman & Herrman PLLC
13,424
View full data table
Law Firm / Legal Entity Texans Affected Date Published
Thompson & Horton LLP 41,222 Oct 30, 2025
Pillsbury Winthrop Shaw Pitman LLP 39,573 Nov 7, 2025
Sprouse Shrader Smith PLLC 17,666 May 5, 2026
Fried, Frank, Harris, Shriver & Jacobson LLP 16,724 Mar 9, 2026
Herrman & Herrman PLLC 13,424 Dec 22, 2025

Source: Texas OAG Data Security Breach Reports. Entities filtered as likely law firms/legal services by organization name. The OAG does not consistently identify attack methods.

These five incidents alone account for a significant portion of the total Texans impacted by law firm-related breaches.

Why Law Firms Are Being Targeted

Law firms are attractive targets for cybercriminals because they hold highly sensitive client data, including:

  • Financial and banking information
  • Personal identifying information (SSNs, driver’s licenses)
  • Medical records
  • Privileged attorney-client communications

A breach at a law firm can have serious consequences, including potential violations of professional responsibility rules and loss of client trust.

Key Observations

  • 19 unique law firms/legal entities have been impacted
  • Multiple firms appear more than once in the reports (e.g., Mehri & Skalet, PLLC and Williams Hart & Boundas, LLP)
  • Breaches span from mid-2025 through May 2026
  • Both large national firms and smaller regional firms have been affected

Recommendations for Texas Law Firms

Given the rising number of incidents, Texas law firms should prioritize the following:

  • Conduct regular cybersecurity risk assessments
  • Implement multi-factor authentication across all systems
  • Review and strengthen vendor and third-party risk management
  • Provide ongoing security awareness training for all staff
  • Maintain a documented and tested incident response plan

Protect your firm and your clients.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your current security posture.

For help building a defensible cybersecurity program tailored for law firms, contact EmailMeNow IT Consulting.

Source: Texas Office of the Attorney General – Data Security Breach Reports