Texas Attorney General breach-report data shows that 214 data security breach notices have been published so far in 2026, affecting 18,810,053 Texans.
The data is current through May 11, 2026, based on published notices listed on the Texas OAG Data Security Breach Reports page. The OAG notes that report details, including the number of affected Texans and whether consumer notice was provided, may change after a report is listed.
Interactive Dashboard
Use the dashboard below to compare monthly report counts and Texans affected. The toggle switches between affected-person totals and the number of published breach notices.
Interactive Dashboard
Texas OAG Breach Reports: 2026 YTD
Published breach notices and affected Texans through May 11, 2026
Show largest 2026 breach reports
| Entity | Published | Texans affected | Sector |
|---|---|---|---|
| Conduent Business Services, LLC | Feb. 2, 2026 | 15,494,592 | Other |
| Texas Tech University Health Sciences Center | Apr. 27, 2026 | 738,506 | Healthcare / Medical Provider |
| Episource, LLC | Feb. 11, 2026 | 351,562 | Other |
| North Texas Behavioral Health Authority | Mar. 9, 2026 | 284,525 | Healthcare / Medical Provider |
| QualDerm Partners, LLC | Feb. 24, 2026 | 174,837 | Healthcare / Medical Provider |
Source: Texas Office of the Attorney General Data Security Breach Reports. Totals reflect published notices and may change as reports are updated.
2026 Breach Activity by Month
February produced the largest affected-person count so far in 2026, driven heavily by a major Conduent Business Services report.
| Month | Reports | Texans Affected |
|---|---|---|
| January 2026 | 31 | 296,413 |
| February 2026 | 46 | 16,283,432 |
| March 2026 | 65 | 1,203,545 |
| April 2026 | 50 | 953,906 |
| May 2026 MTD | 22 | 72,757 |
2026 Compared with 2025
The 2026 year-to-date affected-person count is already approaching the full-year 2025 total.
| Period | Reports | Texans Affected |
|---|---|---|
| 2026 YTD | 214 | 18,810,053 |
| 2025 same period | 7 | 31,977 |
| Full-year 2025 | 383 | 20,975,873 |
Largest 2026 Breach Reports So Far
The largest published Texas OAG breach reports in 2026 by Texans affected are:
- Conduent Business Services, LLC - 15,494,592 Texans
- Texas Tech University Health Sciences Center - 738,506 Texans
- Episource, LLC - 351,562 Texans
- North Texas Behavioral Health Authority - 284,525 Texans
- QualDerm Partners, LLC - 174,837 Texans
The OAG dataset does not consistently identify the attack method, so these are the largest published breach reports by affected Texans, not necessarily the largest confirmed hacks by technique.
Most Common Data Exposures
Among 2026 reports, the most frequently listed exposed data types include:
- Name of individual
- Social Security number information
- Medical information
- Address
- Driver’s license number
- Financial information
Social Security numbers appeared in 178 of the 214 year-to-date reports, while medical information appeared in 115 reports.
Why This Matters for Texas Law Firms
Law firms hold sensitive client records, financial data, identification documents, medical information, employment records, and privileged communications. The breach trends reported to the Texas OAG show why firms should treat cybersecurity as both an operational and compliance priority.
For law firms, the practical lessons are clear:
- Maintain documented access controls
- Require multi-factor authentication
- Review vendor access and contracts
- Test backup restoration
- Train staff on phishing, smishing, and social engineering
- Keep incident response contacts and procedures current
Immediate Steps to Reduce Risk
Texas law firms should review whether they can document:
- Who has access to sensitive systems
- Which vendors can access client or firm data
- Whether MFA is enabled on email, financial, and document systems
- Whether backups are protected from ransomware
- Whether staff know how to report suspicious messages
Run a free Instant Cybersecurity Audit at audit.emailmenow.com to evaluate your firm’s current risk level.
For help building a defensible cybersecurity program, contact EmailMeNow IT Consulting.