Yes — Southern Methodist University (SMU, Dallas) is listed on the Texas Attorney General Data Security Breach Reports portal with a publication date of October 17, 2025, affecting 266 Texans. Consumer notice was marked Yes via U.S. Mail.
Texas OAG records list exposed information categories as name, Social Security number, date of birth, and other. Unlike larger 2026 campus filings (TTUHSC, St. Thomas, Nelson), SMU has released comparatively little public forensic narrative beyond the statutory AG listing — so this post anchors on the OAG record plus an independent domain audit.
We scanned smu.edu on July 13, 2026 against the 100% ideal.
Breach Impact (Texas OAG)
| Field | Detail |
|---|---|
| Entity | Southern Methodist University |
| Address (OAG) | 6425 Boaz Lane, Dallas, TX 75275 |
| Texans affected | 266 |
| Data types | Name; SSN; DOB; other |
| Notice provided | Yes — U.S. Mail |
| Date published at OAG | Oct 17, 2025 |

Independent Cybersecurity Audit
| Domain | Overall | Identity | Transport | Website | vs 100% ideal |
|---|---|---|---|---|---|
| smu.edu | 44% | 25% | 15% | 45% | Below Average |
Key findings: SMU matches Rice and UH at 44% overall — far from 100%. 25% identity leaves room for spoofed @smu.edu HR, advancement, and “credit monitoring” phishing long after a SSN/DOB disclosure. Transport 15% is the common Texas campus floor.

Audit: smu.edu
Priority Actions
Community members who received mail: Treat the letter as authoritative; ignore unexpected enrollment links that arrive by email without matching letter codes.
SMU IT / security: Raise DMARC to reject, enforce MTA-STS, and publish a clear incident URL — larger peers (St. Thomas, Tech HSC) show how silence increases spoofing success.
Related Trackers
- Texas colleges audit (SMU ranks near the bottom)
- Public vs private universities
- Texas OAG YTD
audit.emailmenow.com · Contact
Sources: Texas OAG — Data Security Breach Reports · EmailMeNow audit — smu.edu