Back to news
Cybersecurity Alert
May 12, 2026 by EmailMeNow IT Consulting

Texas OAG Breach Reports Show 24,861,624 Texans Affected in 2026

Texas Attorney General breach-report data shows 327 published breach notices in 2026 year-to-date, affecting 24,861,624 Texans.

Source: Texas Office of the Attorney General Data Security Breach Reports

CybersecurityData BreachTexasLaw Firms
Cybersecurity dashboard tracking Texas OAG data breach reports in 2026

Texas Attorney General breach-report data shows that 327 data security breach notices have been published so far in 2026, affecting 24,861,624 Texans.

The data is current through Jul 10, 2026, based on published notices listed on the Texas OAG Data Security Breach Reports page. The OAG notes that report details, including the number of affected Texans and whether consumer notice was provided, may change after a report is listed.

Interactive Dashboard

Use the dashboard below to compare monthly report counts and Texans affected. The toggle switches between affected-person totals and the number of published breach notices.

Interactive Dashboard

Texas OAG Breach Reports: 2026 YTD

Published breach notices and affected Texans through Jul 10, 2026

Data current through Jul 10, 2026
2026 YTD reports 327
Texans affected 24.9M
Largest report 12.8M
Jan
267K
Feb
614.7K
Mar
1.2M
Apr
953.9K
May
14.4M
Jun
4.7M
Jul MTD
2.7M
Show largest 2026 breach reports
Entity Published Texans affected Sector
Conduent Business Services, LLC (revised submission) May 20, 2026 12,784,367 Healthcare / Medical
Texas Parks and Wildlife Jun 26, 2026 3,087,721 PII / Identity
Cerner Corporation Jul 7, 2026 2,658,388 Healthcare / Medical
Carnival Corporation May 28, 2026 800,060 Other
Texas Tech University Health Sciences Center Apr 27, 2026 738,506 Healthcare / Medical

Source: Texas Office of the Attorney General Data Security Breach Reports. Totals reflect published notices and may change as reports are updated.

Sources

2026 Breach Activity by Month

May produced the largest affected-person count so far in 2026, driven heavily by a revised Conduent Business Services report. June month-to-date activity accelerated on June 18 when Texas Parks and Wildlife filed a report covering 3,087,721 Texans.

MonthReportsTexans Affected
Jan 202630267,010
Feb 202643614,701
Mar 2026571,169,950
Apr 202650953,906
May 20266114,399,460
Jun 2026674,736,081
Jul 2026 MTD192,720,516

2026 Compared with 2025

The 2026 year-to-date affected-person count has surpassed the full-year 2025 total in the committed OAG extract.

PeriodReportsTexans Affected
2026 YTD32724,861,624
2025 same period633,291
Full-year 202527618,646,595

Largest 2026 Breach Reports So Far

The largest published Texas OAG breach reports in 2026 by Texans affected are:

  1. Conduent Business Services, LLC (revised submission) - 12,784,367 Texans
  2. Texas Parks and Wildlife - 3,087,721 Texans
  3. Cerner Corporation - 2,658,388 Texans
  4. Carnival Corporation - 800,060 Texans
  5. Texas Tech University Health Sciences Center - 738,506 Texans

The OAG dataset does not consistently identify the attack method, so these are the largest published breach reports by affected Texans, not necessarily the largest confirmed hacks by technique.

Most Common Data Exposures

Among 2026 reports, the most frequently listed exposed data types include:

  • Name of individual
  • Social Security number information
  • Medical information
  • Address
  • Driver’s license number
  • Financial information

Social Security numbers appeared in 276 of the 327 year-to-date reports, while medical information appeared in 193 reports.

Why This Matters for Texas Law Firms

Law firms hold sensitive client records, financial data, identification documents, medical information, employment records, and privileged communications. The breach trends reported to the Texas OAG show why firms should treat cybersecurity as both an operational and compliance priority.

For law firms, the practical lessons are clear:

  • Maintain documented access controls
  • Require multi-factor authentication
  • Review vendor access and contracts
  • Test backup restoration
  • Train staff on phishing, smishing, and social engineering
  • Keep incident response contacts and procedures current

Immediate Steps to Reduce Risk

Texas law firms should review whether they can document:

  • Who has access to sensitive systems
  • Which vendors can access client or firm data
  • Whether MFA is enabled on email, financial, and document systems
  • Whether backups are protected from ransomware
  • Whether staff know how to report suspicious messages

Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your firm’s current risk level.

For help building a defensible cybersecurity program, contact EmailMeNow IT Consulting.