State regulators are investigating a security breach at a third-party vendor for Blue Cross Blue Shield Montana that may have compromised the medical and personal information of hundreds of thousands of residents.

“We’re notified that 462,000 Montanans’ information may have been hacked,” James Brown, the state auditor and insurance commissioner, told the regional television network NBC Montana. “That’s an incredible number if you think about it. That’s one third of the state’s population.”

The breach, which happened between late 2024 and early 2025, reportedly includes names, addresses, birthdates, billing and medical data, phone numbers and other sensitive information, according to regulators. The cyberattack is “a deeply disturbing incident with far-reaching and jaw-dropping consequences for our citizens,” Brown said.

After the leak was discovered, Brown’s office requested details from the insurer and its vendor Conduent, which manages critical public services across the United States.

“We are currently analyzing the responses and continuing our investigation as to what happened,” Brown said. “We would certainly have enforcement authority if we believed one or two violations occurred, either that they did not timely notify us as the insurance regulator of the breach and/or they did not timely notify the persons whose personal data was breached.”

Brown’s office has responded with new cybersecurity initiatives and a public awareness campaign urging Montanans to review insurance statements and report suspicious activity. It also is the first state agency to use an AI-powered assistant to handle the surge in consumer questions and help prioritize claims. “I think it will bring consistency to our operations at the auditor’s office,” he said.

On the same day the state investigation was announced, a group of attorneys filed a class-action lawsuit in Helena alleging that the corporation failed to notify customers and didn’t take standard precautions to safeguard the data, the Daily Montanan reported.

Meanwhile, Fox News reported that the Conduent cyberattack exposed personal information linked to more than 10 million people nationwide. During the breach, attackers reportedly stole large amounts of data linked to state-level programs such as Medicaid, child support, food assistance and toll systems. Conduent said its investigation found no ongoing malicious activity and that operations were safely restored after the breach was contained.

Conduent manages technology and payment systems for dozens of state governments, processing roughly $85 billion in annual disbursements and handling more than two billion customer service interactions each year. According to its own estimates, it supports around 100 million residents through various government health and welfare programs.
