Back to news
Cybersecurity Alert
June 19, 2026 by EmailMeNow IT Consulting

17 New Texas Breach Reports Published June 18, 2026: 3.2 Million Texans Affected

Texas OAG published 17 new data security breach reports on June 18, 2026, affecting 3,198,835 Texans. Texas Parks and Wildlife alone accounts for 3,087,721, with healthcare, counties, and a Texas law firm also reporting.

Source: Texas Office of the Attorney General Data Security Breach Reports

CybersecurityData BreachTexasGovernmentLaw Firms
Texas data breach report roundup for June 18, 2026

The Texas Office of the Attorney General published 17 new data security breach reports on June 18, 2026, according to a fresh scrape of the Texas OAG Data Security Breach Reports portal. Combined, these reports cover 3,198,835 Texans.

A single filing — Texas Parks and Wildlife — accounts for roughly 97% of that total. The remaining 16 reports span healthcare, higher education, counties, hospitality, and the legal sector.

June month-to-date now totals 44 published reports affecting 3,782,362 Texans through June 18. See the live Texas OAG YTD dashboard for monthly charts.

Reports Published June 18, 2026

EntityTexans AffectedConsumer NoticeDate Published
Texas Parks and Wildlife3,087,721No06/18/2026
Blue Fish Pediatrics41,485Yes06/18/2026
AssetMark, Inc.29,802Yes06/18/2026
Nelson University21,905Yes06/18/2026
Ed Bell Investments, Inc.5,041Yes06/18/2026
SunSource Borrower LLC (“SunSource”)2,142Yes06/18/2026
Passco Companies, LLC2,127Yes06/18/2026
Humana Inc2,104Yes06/18/2026
UBEO Midco LLC1,701Yes06/18/2026
Aransas County, Texas1,162Yes06/18/2026
Oak View Group, LLC1,123Yes06/18/2026
Landstar System Holdings, Inc.726Yes06/18/2026
Casino, LLC dba Larry Flynt’s Lucky Lady Casino672Yes06/18/2026
Duval County, Texas474No06/18/2026
i.e.Smart Systems, LLC346Yes06/18/2026
The Carlson Law Firm250Yes06/18/2026
Louisiana Machinery Company54Yes06/18/2026

The OAG notes that report details — including the number of affected Texans and whether consumer notice was provided — may change after a report is first listed.

Texas Parks and Wildlife: 3 Million+ Texans

Texas Parks and Wildlife reported 3,087,721 Texans affected, with exposed data including names, addresses, Social Security numbers, and driver’s license numbers — consistent with the hunting and fishing license vendor breach covered in our companion report.

At publication, the OAG listing showed consumer notice not yet provided for this report. Affected Texans who purchased licenses should monitor official department communications and treat unsolicited contact referencing Parks & Wildlife with caution.

Illustration: massive Texas Parks and Wildlife vendor breach affecting millions of state residents

Healthcare and Pediatrics

Blue Fish Pediatrics (Houston) reported 41,485 Texans with names, addresses, SSNs, and driver’s license data exposed. Humana Inc and UBEO Midco LLC also filed June 18 reports involving medical or health-insurance information.

Government and Education

County governments appeared twice on the June 18 list:

  • Aransas County, Texas — 1,162 Texans
  • Duval County, Texas — 474 Texans (notice not provided at listing)

Nelson University reported 21,905 Texans affected, continuing a pattern of higher-education filings in 2026.

Illustration: pediatric clinic and county government representing smaller June 18 Texas breach filings

A Texas Law Firm in the Mix

The Carlson Law Firm reported a breach affecting 250 Texans, exposing names, addresses, Social Security numbers, and driver’s license numbers. Legal-sector incidents remain a steady theme in Texas OAG data — see our law firm breach tracker.

Earlier June Filings (June 1–17)

Before the June 18 batch, the OAG published 27 additional reports in June affecting 583,527 Texans, including:

  • TriZetto Provider Solutions — 312,562 Texans (06/02/2026)
  • Strategic Education Inc. — 100,845 Texans (06/02/2026)
  • IMA Diligence Services, LLC — 70,928 Texans (06/01/2026)
  • Modjarrad & Associates, PC d/b/a MAS Law — 6,220 Texans (06/01/2026)
  • Cleburne ISD — 5,260 Texans (06/05/2026)

What Texas Organizations Should Do

  1. Review vendor contracts — Texas Parks illustrates how third-party license and payment vendors can drive mega-breach counts.
  2. Enable MFA on email, VPN, and financial systems.
  3. Document your program for Texas SB 2610 Safe Harbor and industry regulators.
  4. Monitor the OAG portal weekly if you hold Texas resident data.

Independent Cybersecurity Audits

EmailMeNow domain audits on June 19, 2026 scored 3 filer domains in this batch. 3 of 3 show 15% Transport Security or below — a recurring gap that makes spoofed breach-notification email easier to deliver. Texas Parks and Wildlife (tpwd.texas.gov) leads at 74% overall; Louisiana Machinery Company (bigbrand-secure.com) scores 31%.

Pattern: Scores below the 100% ideal on identity or transport still leave room for spoofed incident-response email — even when website headers score higher.

OrganizationDomainOverallIdentityTransportWebsiteRisk
Texas Parks and Wildlifetpwd.texas.gov74%100%15%45%Good
AssetMark, Inc.assetmark.com54%50%15%45%Average
Louisiana Machinery Companybigbrand-secure.com31%0%15%45%Weak

Audit links: tpwd.texas.gov · assetmark.com · bigbrand-secure.com


Benchmark your email security.

Run a free audit at audit.emailmenow.com or contact EmailMeNow IT Consulting.