For Texas Gardyn Customers
Specific consumer-protection options for residents of Texas affected by CISA advisory ICSA-26-055-03.
This page summarizes general legal context for Texas residents. It is not legal advice. Consult an attorney licensed in Texas for advice specific to your situation.
What was exposed
Per CISA advisory ICSA-26-055-03 Update A, an unauthenticated cloud API endpoint (CVE-2026-28766) exposed records for approximately 134,215 customers, including names, email addresses, phone numbers, physical addresses, and the last_four partial credit-card field.
Texas Identity Theft Enforcement and Protection Act
Texas has the Identity Theft Enforcement and Protection Act (Bus. & Com. Code Ch. 521) which governs breach notification and the Deceptive Trade Practices Act (DTPA, Bus. & Com. Code Ch. 17) which provides consumer-protection remedies including treble damages for knowing violations.
If you are a Texas resident potentially affected:
- File a complaint with the Texas Attorney General’s Consumer Protection Division at texasattorneygeneral.gov.
- Send DTPA-required pre-suit notice if pursuing private action.
- Consider class-action representation under DTPA.
Consult a Texas consumer-protection attorney.
Federal options (any state)
- Federal Trade Commission consumer complaint at reportfraud.ftc.gov.
- Identity theft reporting at identitytheft.gov.
- Free fraud alert or credit freeze with the three U.S. credit bureaus (Equifax, Experian, TransUnion).