Lawsuits Accuse Conduent of Negligence in Protecting Personal Data After Network Breach

Multiple class action lawsuits have been launched against American IT and business services provider Conduent, alleging that the company did not take sufficient measures to protect the sensitive data of associated individuals during an unauthorised network breach.

The incident, which occurred around January 13, involved a threat actor gaining unauthorised access to Conduent’s internal network and exfiltrating confidential personal data linked to a limited number of clients’ end users. Although the company stated that the stolen data had not been publicly released or posted on the dark web, the breach disrupted critical services in several U.S. states, including Wisconsin and Oklahoma, affecting benefits and support payments.

The breach impacted several Conduent clients, including Premera Blue Cross and Blue Cross Blue Shield of Montana, which confirmed that the attack originated from Conduent’s systems and exposed sensitive member information such as names, Social Security numbers, dates of birth, treatment details, and claim numbers.

Conduent has notified multiple state attorneys general of the large-scale data breach, which affected residents across numerous states. In filings, the company disclosed that personal information of over 10.5 million individuals was compromised—including more than 4 million in Texas, 76,000 in Washington, and hundreds in Maine—highlighting the extensive reach and severity of the incident.

Soon after notifying affected individuals, multiple lawsuits were filed against Conduent in a New Jersey federal court, accusing the company of negligence for failing to adequately secure its network against unauthorised access and for allegedly providing insufficient notice to those impacted by the data breach.

Along with allegations of negligence, the lawsuits also claim breach of third-party beneficiary contract and unjust enrichment. The plaintiffs seek a jury trial, compensatory, statutory, and punitive damages, as well as injunctive relief compelling Conduent to adopt stronger security practices to ensure the protection of sensitive data.