The Texas Office of the Attorney General published 17 new data security breach reports on June 18, 2026, according to a fresh scrape of the Texas OAG Data Security Breach Reports portal. Combined, these reports cover 3,198,835 Texans.
A single filing — Texas Parks and Wildlife — accounts for roughly 97% of that total. The remaining 16 reports span healthcare, higher education, counties, hospitality, and the legal sector.
June month-to-date now totals 44 published reports affecting 3,782,362 Texans through June 18. See the live Texas OAG YTD dashboard for monthly charts.
Reports Published June 18, 2026
| Entity | Texans Affected | Consumer Notice | Date Published |
|---|---|---|---|
| Texas Parks and Wildlife | 3,087,721 | No | 06/18/2026 |
| Blue Fish Pediatrics | 41,485 | Yes | 06/18/2026 |
| AssetMark, Inc. | 29,802 | Yes | 06/18/2026 |
| Nelson University | 21,905 | Yes | 06/18/2026 |
| Ed Bell Investments, Inc. | 5,041 | Yes | 06/18/2026 |
| SunSource Borrower LLC (“SunSource”) | 2,142 | Yes | 06/18/2026 |
| Passco Companies, LLC | 2,127 | Yes | 06/18/2026 |
| Humana Inc | 2,104 | Yes | 06/18/2026 |
| UBEO Midco LLC | 1,701 | Yes | 06/18/2026 |
| Aransas County, Texas | 1,162 | Yes | 06/18/2026 |
| Oak View Group, LLC | 1,123 | Yes | 06/18/2026 |
| Landstar System Holdings, Inc. | 726 | Yes | 06/18/2026 |
| Casino, LLC dba Larry Flynt’s Lucky Lady Casino | 672 | Yes | 06/18/2026 |
| Duval County, Texas | 474 | No | 06/18/2026 |
| i.e.Smart Systems, LLC | 346 | Yes | 06/18/2026 |
| The Carlson Law Firm | 250 | Yes | 06/18/2026 |
| Louisiana Machinery Company | 54 | Yes | 06/18/2026 |
The OAG notes that report details — including the number of affected Texans and whether consumer notice was provided — may change after a report is first listed.
Texas Parks and Wildlife: 3 Million+ Texans
Texas Parks and Wildlife reported 3,087,721 Texans affected, with exposed data including names, addresses, Social Security numbers, and driver’s license numbers — consistent with the hunting and fishing license vendor breach covered in our companion report.
At publication, the OAG listing showed consumer notice not yet provided for this report. Affected Texans who purchased licenses should monitor official department communications and treat unsolicited contact referencing Parks & Wildlife with caution.

Healthcare and Pediatrics
Blue Fish Pediatrics (Houston) reported 41,485 Texans with names, addresses, SSNs, and driver’s license data exposed. Humana Inc and UBEO Midco LLC also filed June 18 reports involving medical or health-insurance information.
Government and Education
County governments appeared twice on the June 18 list:
- Aransas County, Texas — 1,162 Texans
- Duval County, Texas — 474 Texans (notice not provided at listing)
Nelson University reported 21,905 Texans affected, continuing a pattern of higher-education filings in 2026.

A Texas Law Firm in the Mix
The Carlson Law Firm reported a breach affecting 250 Texans, exposing names, addresses, Social Security numbers, and driver’s license numbers. Legal-sector incidents remain a steady theme in Texas OAG data — see our law firm breach tracker.
Earlier June Filings (June 1–17)
Before the June 18 batch, the OAG published 27 additional reports in June affecting 583,527 Texans, including:
- TriZetto Provider Solutions — 312,562 Texans (06/02/2026)
- Strategic Education Inc. — 100,845 Texans (06/02/2026)
- IMA Diligence Services, LLC — 70,928 Texans (06/01/2026)
- Modjarrad & Associates, PC d/b/a MAS Law — 6,220 Texans (06/01/2026)
- Cleburne ISD — 5,260 Texans (06/05/2026)
What Texas Organizations Should Do
- Review vendor contracts — Texas Parks illustrates how third-party license and payment vendors can drive mega-breach counts.
- Enable MFA on email, VPN, and financial systems.
- Document your program for Texas SB 2610 Safe Harbor and industry regulators.
- Monitor the OAG portal weekly if you hold Texas resident data.
Independent Cybersecurity Audits
EmailMeNow domain audits on June 19, 2026 scored 3 filer domains in this batch.
3 of 3 show 15% Transport Security or below — a recurring gap that makes spoofed breach-notification email easier to deliver.
Texas Parks and Wildlife (tpwd.texas.gov) leads at 74% overall; Louisiana Machinery Company (bigbrand-secure.com) scores 31%.
Pattern: Scores below the 100% ideal on identity or transport still leave room for spoofed incident-response email — even when website headers score higher.
| Organization | Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|---|
| Texas Parks and Wildlife | tpwd.texas.gov | 74% | 100% | 15% | 45% | Good |
| AssetMark, Inc. | assetmark.com | 54% | 50% | 15% | 45% | Average |
| Louisiana Machinery Company | bigbrand-secure.com | 31% | 0% | 15% | 45% | Weak |
Audit links: tpwd.texas.gov · assetmark.com · bigbrand-secure.com
Related trackers
- All state AG trackers
- Texas OAG YTD dashboard
- California AG breach list
- Washington AG tracker
- Healthcare AG breach tracker
- Washington healthcare breaches (2026)
- Washington law firm breaches (2026)
- CA June roundup
- TX July roundup
- WA May roundup
- TX Parks breach
- Have I Been Pwned
- HIBP July roundup
- Monitoring guide
Benchmark your email security.
Run a free audit at audit.emailmenow.com or contact EmailMeNow IT Consulting.