Texas Attorney General breach-report data shows that 327 data security breach notices have been published so far in 2026, affecting 24,861,624 Texans.
The data is current through Jul 10, 2026, based on published notices listed on the Texas OAG Data Security Breach Reports page. The OAG notes that report details, including the number of affected Texans and whether consumer notice was provided, may change after a report is listed.
Interactive Dashboard
Use the dashboard below to compare monthly report counts and Texans affected. The toggle switches between affected-person totals and the number of published breach notices.
Interactive Dashboard
Texas OAG Breach Reports: 2026 YTD
Published breach notices and affected Texans through Jul 10, 2026
Show largest 2026 breach reports
| Entity | Published | Texans affected | Sector |
|---|---|---|---|
| Conduent Business Services, LLC (revised submission) | May 20, 2026 | 12,784,367 | Healthcare / Medical |
| Texas Parks and Wildlife | Jun 26, 2026 | 3,087,721 | PII / Identity |
| Cerner Corporation | Jul 7, 2026 | 2,658,388 | Healthcare / Medical |
| Carnival Corporation | May 28, 2026 | 800,060 | Other |
| Texas Tech University Health Sciences Center | Apr 27, 2026 | 738,506 | Healthcare / Medical |
Source: Texas Office of the Attorney General Data Security Breach Reports. Totals reflect published notices and may change as reports are updated.
Sources
State AG breach portals
State AG reporting & notices
Federal registries
Breach databases & aggregators
News & analysis
2026 Breach Activity by Month
May produced the largest affected-person count so far in 2026, driven heavily by a revised Conduent Business Services report. June month-to-date activity accelerated on June 18 when Texas Parks and Wildlife filed a report covering 3,087,721 Texans.
| Month | Reports | Texans Affected |
|---|---|---|
| Jan 2026 | 30 | 267,010 |
| Feb 2026 | 43 | 614,701 |
| Mar 2026 | 57 | 1,169,950 |
| Apr 2026 | 50 | 953,906 |
| May 2026 | 61 | 14,399,460 |
| Jun 2026 | 67 | 4,736,081 |
| Jul 2026 MTD | 19 | 2,720,516 |
2026 Compared with 2025
The 2026 year-to-date affected-person count has surpassed the full-year 2025 total in the committed OAG extract.
| Period | Reports | Texans Affected |
|---|---|---|
| 2026 YTD | 327 | 24,861,624 |
| 2025 same period | 6 | 33,291 |
| Full-year 2025 | 276 | 18,646,595 |
Largest 2026 Breach Reports So Far
The largest published Texas OAG breach reports in 2026 by Texans affected are:
- Conduent Business Services, LLC (revised submission) - 12,784,367 Texans
- Texas Parks and Wildlife - 3,087,721 Texans
- Cerner Corporation - 2,658,388 Texans
- Carnival Corporation - 800,060 Texans
- Texas Tech University Health Sciences Center - 738,506 Texans
The OAG dataset does not consistently identify the attack method, so these are the largest published breach reports by affected Texans, not necessarily the largest confirmed hacks by technique.
Most Common Data Exposures
Among 2026 reports, the most frequently listed exposed data types include:
- Name of individual
- Social Security number information
- Medical information
- Address
- Driver’s license number
- Financial information
Social Security numbers appeared in 276 of the 327 year-to-date reports, while medical information appeared in 193 reports.
Why This Matters for Texas Law Firms
Law firms hold sensitive client records, financial data, identification documents, medical information, employment records, and privileged communications. The breach trends reported to the Texas OAG show why firms should treat cybersecurity as both an operational and compliance priority.
For law firms, the practical lessons are clear:
- Maintain documented access controls
- Require multi-factor authentication
- Review vendor access and contracts
- Test backup restoration
- Train staff on phishing, smishing, and social engineering
- Keep incident response contacts and procedures current
Immediate Steps to Reduce Risk
Texas law firms should review whether they can document:
- Who has access to sensitive systems
- Which vendors can access client or firm data
- Whether MFA is enabled on email, financial, and document systems
- Whether backups are protected from ransomware
- Whether staff know how to report suspicious messages
Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your firm’s current risk level.
For help building a defensible cybersecurity program, contact EmailMeNow IT Consulting.
Related trackers
- All state AG trackers
- Healthcare AG breach tracker
- Law firm breach tracker
- Texas healthcare breaches (2026)
- Washington AG tracker
- Washington healthcare breaches (2026)
- Washington law firm breaches (2026)
- CA July roundup
- TX July roundup
- WA May roundup
- TX Parks breach
- Have I Been Pwned
- HIBP July roundup
- HHS OCR July roundup
- Monitoring guide