Texas attorney general launches investigation into Conduent breach

Texas Attorney General Ken Paxton launched an investigation into Blue Cross Blue Shield of Texas and Conduent Business Services over the cyberattack and data breach at payments contractor Conduent, which occurred between October 2024 and January 2025. 

Paxton is demanding that Blue Cross Blue Shield of Texas (BCBS) and Conduent provide documents and information pertinent to the investigation and evidence of their compliance with state laws. 

The Conduent data breach affected millions of individuals across several states, including 4 million Texans. The breach impacted several BCBS locations, Premera Blue Cross in Washington, Humana and organizations in other sectors.  

An April 2025 Securities and Exchange Commission filing stated that Conduent experienced an operational disruption beginning Jan. 13, 2025, and restored normal operations within a few days.  

However, further investigation revealed that the intrusion began in October 2024. A cyberthreat actor successfully exfiltrated files containing personal information until Conduent contained the breach in January. 

"The Conduent data breach was likely the largest breach in U.S. history. If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it," Paxton said.  

The total number of impacted individuals has not yet been disclosed, but some estimates put the current number at 25 million. Despite Paxton's claims about the historic nature of this breach, this figure does not come close to the Change Healthcare data breach, which impacted 193 million individuals.  

"Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law," Paxton continued. "My office is committed to uncovering exactly what went wrong, taking action to protect Texas families, and ensuring there is justice for any negligence." 

Paxton is seeking information about BCBS's efforts to protect confidential information, as well as information about Conduent's security measures, communications and compliance with Texas law. 

Jill Hughes has covered healthcare cybersecurity and privacy news since 2021.