Montana Opens Probe Into Blue Cross Blue Shield of Montana Over Vendor Breach Potentially Exposing 462,000

Overview

• State Auditor James Brown launched a regulatory investigation into whether Blue Cross Blue Shield of Montana met its obligations following a third-party data breach.
• BCBSMT says a Conduent cyber incident affected some member data and that its own systems were not compromised.
• The insurer told regulators it is notifying affected customers and offering credit monitoring, though the auditor’s office says it has not confirmed those actions.
• BCBSMT reported that data potentially exposed between November 8, 2024, and March 5, 2025, includes names, contact details, dates of birth, and medical and billing information for up to 462,000 people.
• Conduent told the SEC a threat actor accessed its environment on January 13, 2025 and exfiltrated client-related files, and the company says it has no evidence the data was publicly posted; state officials urged consumers to review Explanation of Benefits statements and report suspicious activity.