The Texas Office of the Attorney General published 17 new data security breach reports on May 28 and May 29, 2026, the most recent entries on its Data Security Breach Reports page. Combined, these reports cover 1,006,319 Texans.
A single report — Carnival Corporation — accounts for roughly 80% of that total. But the week’s filings span healthcare, higher education, banking, staffing, manufacturing, and the legal sector, underscoring how broadly data breaches now reach across industries.
Reports Published May 28-29, 2026
| Entity | Texans Affected | Information Affected | Date Published |
|---|---|---|---|
| Carnival Corporation | 800,060 | Name, address, driver’s license, government ID, date of birth | 05/28/2026 |
| Texas Capital | 86,067 | Name, SSN | 05/29/2026 |
| Networking Technology, Inc. | 49,338 | Name, SSN, medical info, date of birth | 05/29/2026 |
| University of St. Thomas - Houston | 24,158 | Name, address, SSN, driver’s license, government ID, financial, medical, health insurance, DOB | 05/28/2026 |
| Blue Teal Holdings, LLC | 9,648 | Name, SSN, driver’s license, government ID, financial | 05/29/2026 |
| ERMI LLC | 9,453 | Name, SSN, driver’s license, financial, medical, health insurance, DOB | 05/28/2026 |
| University of Dallas | 7,313 | Name, SSN, driver’s license, government ID, financial, medical, health insurance | 05/29/2026 |
| Dykema Gossett PLLC | 6,132 | Name, address, SSN, driver’s license, financial, medical, health insurance | 05/28/2026 |
| National Center for Construction Education and Research Ltd. | 4,032 | Name, address, SSN, driver’s license, government ID, financial, DOB | 05/28/2026 |
| Industrial Acceptance Corporation | 2,706 | SSN, driver’s license | 05/29/2026 |
| LoneStar Truck Group / TAG Truck Center | 1,725 | Name, address, SSN | 05/28/2026 |
| Community First Health Plans, Inc. | 1,579 | Name, address, medical info, health insurance, DOB | 05/29/2026 |
| Interstate Management Company, LLC | 1,347 | Name, SSN, financial, medical, health insurance | 05/28/2026 |
| First Advantage Corporation | 1,342 | Name, SSN, driver’s license | 05/29/2026 |
| Steel Warehouse Company LLC | 918 | Name, SSN, driver’s license, government ID, financial, DOB | 05/28/2026 |
| Corient Services LLC | 251 | Name, SSN | 05/29/2026 |
| Louisiana Machinery Company | 250 | Name, address, SSN, driver’s license, government ID, financial, medical, health insurance, other, DOB | 05/28/2026 |
The OAG notes that report details — including the number of affected Texans and whether consumer notice was provided — may change after a report is first listed.
The Week’s Largest Report: Carnival Corporation
Carnival Corporation’s report covers 800,060 Texans, with exposed data including names, addresses, driver’s license numbers, government-issued IDs, and dates of birth. Carnival reported providing notice via print media, online posting, and email.
Financial and Higher-Education Exposure
Two of the week’s larger reports hit Texans where identity-theft risk is highest:
- Texas Capital (Dallas) reported 86,067 Texans with names and Social Security numbers exposed.
- Two Houston-area universities filed reports: University of St. Thomas - Houston (24,158 Texans) and University of Dallas (7,313 Texans), both involving wide-ranging data sets that included SSNs, driver’s licenses, financial, and medical information.
A Law Firm in the Mix
Dykema Gossett PLLC, a large Detroit-headquartered firm, reported a breach affecting 6,132 Texans, exposing names, addresses, Social Security numbers, driver’s license numbers, and financial, medical, and health-insurance information. It is the latest in a steady stream of legal-sector incidents reaching Texas residents in 2026. (See our companion report on recent law firm breaches.)
Notice Not Always Provided
Three of the 17 reports indicate that consumer notice was not provided at the time of publication: Community First Health Plans, Inc., Louisiana Machinery Company, and (in the same window) the legal-sector report covered separately. Under Texas law, entities are generally required to notify affected individuals when 250 or more Texans are involved, and to notify the OAG. Reports listed as “No” may reflect timing, ongoing investigation, or pending notification.
What Common Data Types Tell Us
Across these 17 reports, the most frequently exposed data types were:
- Name of individual
- Social Security number
- Driver’s license number
- Financial information
- Medical and health-insurance information
- Date of birth
This combination is exactly what enables identity theft, fraudulent account opening, and targeted phishing. Affected Texans should consider credit monitoring, fraud alerts, and heightened skepticism of unexpected emails, texts, and calls referencing these organizations.
Why This Matters for Texas Businesses
Whether you run a law firm, clinic, university department, or any business that holds customer or employee records, the week’s reports reinforce a simple reality: breaches cut across every sector. The practical defenses are consistent:
- Require multi-factor authentication on email, financial, and document systems
- Maintain documented access controls and least-privilege permissions
- Review vendor and third-party access to sensitive data
- Test that backups can actually be restored, so recovery from ransomware does not depend on untested copies
- Train staff to recognize phishing, smishing, and social engineering
- Keep an incident-response plan current and rehearsed
Source: Texas Office of the Attorney General – Data Security Breach Reports