Premera Members’ Personal Information Exposed in Conduent Data Breach

Premera Blue Cross announced that a data security incident involving one of its service providers, Conduent, exposed the sensitive personal information of its members.

 

Headquartered in Mountlake Terrace, Washington, Premera Blue Cross is a not-for-profit health insurer and independent Blue Cross Blue Shield licensee serving more than 2.5 million people. Conduent supports Premera by providing back-office and administrative services as a third-party vendor, handling certain member data and operational functions.

 

On January 13, Conduent said it suffered an operational outage that affected its clients’ ability to take payments via electronic transfer or EBT cards. In a statement shared with the media, a company spokesperson said that the operational outage was caused by a significant “cyber security incident.”

 

An investigation into the incident determined that “an unauthorised third party accessed Conduent’s environment from October 21, 2024, to January 13, 2025, and obtained some files that contained individuals’ personal information, some of which came into its possession due to the services that Conduent provides Premera.”

 

The compromised data included names, Social Security numbers, dates of birth, treatment/diagnosis description or code, treatment costs, dates of admission/discharge, member identification numbers and claim numbers.

 

Premera confirmed that the breach was confined to Conduent’s internal network and did not impact any of its own systems.

 

“Premera sincerely regrets any concern this incident may cause its members. According to Conduent, upon discovering the incident, it secured its network, notified law enforcement authorities, and safely restored its systems and operations.

 

Letters are being mailed to individuals whose information was contained in the affected files, including an offer of complimentary credit monitoring and identity protection services for two years,” Premera said.