Back to news
Cybersecurity Alert
June 13, 2026 by EmailMeNow IT Consulting

Washington AG Data Breach Notifications: 2026 Tracker

Washington AG breach data shows 50 notifications in 2026 YTD affecting 505,577 Washingtonians. Monthly dashboard aligned with our Texas OAG tracker.

Source: Washington State Attorney General - Data Breach Notifications

CybersecurityData BreachWashingtonState AG
Washington State data breach notification tracker for 2026

The Washington State Attorney General publishes data breach notifications for incidents affecting Washington residents. We track the same monthly format as our Texas OAG breach reports.

Washington AG data shows 50 breach notifications published so far in 2026, affecting 505,577 Washingtonians, current through Jun 19, 2026.

2026 Breach Dashboard

Interactive Dashboard

Washington AG Breach Notifications: 2026 YTD

Washingtonians affected by published breach notices through Jun 19, 2026

Data current through Jun 19, 2026
2026 YTD reports 50
Washingtonians affected 505.6K
Largest report 168.5K
Mar
29.4K
Apr
244.9K
May
146K
Jun
85.3K
Show largest 2026 breach reports
Entity Published Washingtonians affected Sector
Heritage Bank Apr 23, 2026 168,505 Financial
Carnival Corporation May 27, 2026 54,960 Other
Caesars Entertainment, Inc. May 19, 2026 44,023 PII / Identity
Mt. Spokane Pediatrics Apr 30, 2026 29,410 Healthcare / Medical
Xsolis, Inc. Jun 19, 2026 24,711 Healthcare / Medical

Source: Washington State Attorney General - Data Breach Notifications. Data current through Jun 19, 2026.

Sources

What Washington Publishes

Washington notifications include the reporting organization, notice dates, and Washingtonians affected. That makes Washington a good fit for the same affected-count view we publish for Texas, unlike California’s list-only portal.

Largest 2026 Breach Notifications So Far

The largest published Washington AG breach notifications in 2026 by Washingtonians affected are:

  1. Navia Benefit Solutions, Inc. (City of Bellevue) — 319,208 Washingtonians (Government / Benefits)
  2. Heritage Bank — 168,505 Washingtonians (Financial)
  3. Carnival Corporation — 54,960 Washingtonians (Hospitality / Travel)
  4. Caesars Entertainment, Inc. — 44,023 Washingtonians (Hospitality / Entertainment)
  5. Mt. Spokane Pediatrics — 29,410 Washingtonians (Healthcare)
OrganizationDate PublishedWashingtonians AffectedSector
Navia Benefit Solutions, Inc. (City of Bellevue)Mar 18, 2026319,208Government / Benefits
Heritage BankApr 23, 2026168,505Financial
Carnival CorporationMay 27, 202654,960Hospitality / Travel
Caesars Entertainment, Inc.May 19, 202644,023Hospitality / Entertainment
Mt. Spokane PediatricsApr 30, 202629,410Healthcare
OpenLoop Health Inc.Mar 27, 202619,980Healthcare
WellPoint (Independent Clinics of Washington, Elevance Health)Jun 2, 202612,017Healthcare
Bayside DentalApr 17, 20269,683Healthcare
Strategic Education Inc.Jun 1, 202614,112Education
Plaza Home Mortgage Inc.Jun 5, 20269,598Financial / Mortgage

The Washington dataset does not consistently identify attack methods, so these are the largest published notifications by affected Washingtonians — not necessarily the largest confirmed hacks by technique. Several national brands (Carnival, Caesars, WellPoint) also appear on Texas and California AG portals.

Why This Matters

Washington businesses that hold personal data must notify the Attorney General when breaches affect state residents. Weak email authentication, reused passwords, and missing MFA still show up repeatedly in the paths that lead to public breach notices.

If you operate in multiple states, a Washington notification may still matter to Texas-based vendors, clients, or remote employees whose data was exposed.

Practical Steps

  • Review the Washington AG notification list for organizations you do business with.
  • Compare your posture against our Texas OAG tracker if you also serve Texas residents.
  • Enforce DMARC, DKIM, and SPF on your domain.
  • Require MFA on email and financial systems.

Run a free Instant Cybersecurity Audit at audit.emailmenow.com.