Texas AG Investigates Blue Cross, Conduent Data Breach

Detected February 12th, 2026

Summary

Texas Attorney General Ken Paxton has issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC regarding a data breach affecting approximately four million Texans. The investigation focuses on the security of protected health information accessed by a third party.

View original document View source feed page

What changed

Texas Attorney General Ken Paxton has initiated an investigation into a significant data breach affecting Blue Cross Blue Shield of Texas (BCBS) and Conduent Business Services LLC. The investigation, prompted by a breach of Conduent's systems between October 21, 2024, and January 13, 2025, involves Civil Investigative Demands (CIDs) issued to both entities. The breach exposed the protected health information of approximately four million Texans, including Medicaid recipients, and is being scrutinized for potential negligence and compliance failures with state law.

Regulated entities, particularly those in the healthcare and insurance sectors operating in Texas, should be aware of this investigation. BCBS and Conduent are required to provide documents and information related to their security measures, communications, and compliance efforts. While no specific penalties are detailed, the Attorney General's office has indicated a commitment to uncovering what went wrong and ensuring accountability, suggesting potential legal action or sanctions if negligence is found. This action underscores the heightened scrutiny on data security practices for health information in the state.

Source document (simplified)

Attorney General Ken Paxton issued Civil Investigative Demands (“CIDs”) to Blue Cross Blue Shield of Texas (“BCBS”) and Conduent Business Services LLC (“Conduent”), demanding documents and information pertinent to the investigation of the Conduent data breach that exposed the sensitive personal data of approximately four million Texans.

The Office of the Attorney General is investigating the breach of Conduent’s system security that occurred between October 21, 2024 through January 13, 2025. During the breach, an unauthorized third-party accessed the protected health information of Texas residents, including Texas Medicaid recipients.

“The Conduent data breach was likely the largest breach in U.S. history. If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it,” said Attorney General Paxton. “Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law. My office is committed to uncovering exactly what went wrong, taking action to protect Texas families, and ensuring there is justice for any negligence.”

BCBS is one of the multiple entities affected by the Conduent data breach. As part of the investigation, Attorney General Paxton is demanding documents and evidence of BCBS’s compliance with state law in efforts to protect confidential information. Conduent’s security measures, communications, and compliance with Texas law are also under investigation.