Montana state regulators are investigating a data breach that impacted 462,000 members of Blue Cross Blue Shield of Montana (BCBSMT) after sensitive data was stolen from the insurer's third-party vendor, Conduent. The breach, detected in January 2025, led to questions about delayed notification, as nearly ten months passed before affected individuals were informed. Conduent, which provides mailroom and payment processing services, took almost four months to notify federal regulators, and BCBSMT has stated that while its own systems were not compromised, its members were affected due to the vendor relationship.
Authorities are scrutinizing both the timeline of notifications and the responsibilities of BCBSMT and Conduent in protecting member data. Impacted individuals will receive notification letters from Conduent, and the incident highlights ongoing risks associated with third-party service providers in the healthcare sector. The investigation is ongoing as regulators seek to determine whether notification requirements were met and to assess the broader implications for data security and regulatory compliance in healthcare partnerships.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
Missouri regulators expanded their investigation into Conduent Business Services' 2024-2025 cyber incident and publicly said the company had not provided enough information to assess the breach's impact on Missouri insurance consumers. The move added Missouri to the states actively scrutinizing Conduent over the incident.
The Missouri Department of Commerce and Insurance issued a bulletin requesting information from insurers following the Conduent cybersecurity breach. The action marked an official state response aimed at assessing potential impact on Missouri insurance consumers.
A Montana state district judge in Helena ruled that the Montana State Auditor’s Office could continue investigating the data breach affecting Blue Cross Blue Shield of Montana members. The judge dismissed Health Care Service Corporation’s lawsuit challenging the probe, which concerns whether BCBSMT timely notified the state about the Conduent breach affecting 462,000 members.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services as part of an investigation into the Conduent breach. The office said about four million Texans, including Medicaid recipients, were affected and is examining the companies' security practices, communications, and compliance with state law.
Conduent Business Services, LLC published a notice stating an unauthorized third party accessed its environment from 2024-10-21 through 2025-01-13, when the incident was discovered. The company said files containing personal, health, and insurance information were obtained, that law enforcement and forensic experts were engaged, and that affected individuals were being notified.
Montana state officials were reported to be looking into a data breach affecting Blue Cross Blue Shield that was linked to a third-party vendor. The two references describe the same development and do not provide additional dated milestones.
Conduent Inc. publicly disclosed a cyber incident in an SEC Form 8-K filing, establishing an early formal notice of the breach that later prompted state investigations and scrutiny over downstream impacts on insurance consumers. This filing predates the Montana and Missouri regulatory actions already in the timeline.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
8 references tracked. Mallory keeps watching after this page renders.
bankinfosecurity.com
Open sourcedci.mo.gov
Open sourcedatabreaches.net
Open sourcetexasattorneygeneral.gov
Open sourceconduent.com
Open sourcegovinfosecurity.com
Open sourcebankinfosecurity.com
Open sourcesec.gov
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.