Texas AG Demands Info on Massive Conduent Data Breach

Paxton seeks details from BCBS and Conduent on breach impacting 4 million Texans

Published on Feb. 14, 2026

Got story updates? Submit your updates here. ›

Texas Attorney General Ken Paxton has issued Civil Investigative Demands to Blue Cross Blue Shield of Texas (BCBS) and Conduent Business Services, LLC as part of an investigation into a major data breach that exposed the sensitive personal information of approximately 4 million Texans. The breach, which Paxton called "the largest data breach in U.S. history", occurred between October 2024 and January 2025 when an unauthorized third party gained access to Conduent's data systems.

Why it matters

This breach is a major privacy and security concern for Texans, many of whom had their names, social security numbers, medical information, and health insurance details exposed. Paxton is seeking to uncover whether BCBS or Conduent were negligent in their handling of this sensitive data, and to take action to protect Texas families from future breaches of this scale.

The details

According to Conduent, the company discovered the "cyber incident" on January 13, 2025 and immediately secured its networks and launched an investigation. The breach exposed files containing personal information for current and former health plan members, including names, social security numbers, medical information, and health insurance details. Paxton's office is now demanding documents and information from both BCBS and Conduent related to their compliance with state laws, Conduent's security measures, and communications about the incident.

  • The data breach occurred between October 21, 2024 and January 13, 2025.
  • Conduent discovered the breach on January 13, 2025.

The players

Ken Paxton

The Attorney General of Texas who is leading the investigation into the Conduent data breach.

Blue Cross Blue Shield of Texas (BCBS)

A major health insurance provider in Texas that received data from Conduent and is now being investigated by the Texas AG's office.

Conduent Business Services, LLC

A business services company that suffered a major data breach impacting approximately 4 million Texans.

Got photos? Submit your photos here. ›

What they’re saying

“The Conduent data breach was likely the largest breach in U.S. history. If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it. Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law. My office is committed to uncovering exactly what went wrong, taking action to protect Texas families, and ensuring there is justice for any negligence.”

— Ken Paxton, Attorney General of Texas (KXAN)

“From the outset of this incident, we acted promptly and in alignment with incident‑response protocols to contain and investigate the issue. We engaged leading third‑party cybersecurity experts, disclosed the incident through an 8-K filing, notified clients and relevant authorities, and worked to support those impacted by the event, including most recently sending notifications on clients' behalf. To date, there is no evidence that any underlying data has been misused, posted, or made publicly available, and we continue to monitor closely.”

— Conduent (KXAN)

“We're aware that Conduent discovered they were the victim of a cyber incident. Conduent is a BCBSTX third-party service provider that offers mailroom, payment and other back-office support services. We received data from Conduent and through our data evaluation, we've determined there was BCBSTX member impact as a result of Conduent's cyber incident. Blue Cross and Blue Shield of Texas systems were not impacted by this incident.”

— BCBS (KXAN)

What’s next

The Texas Attorney General's office will continue its investigation into the Conduent data breach, seeking documents and information from both Conduent and BCBS to determine if any negligence or wrongdoing occurred.

The takeaway

This massive data breach highlights the importance of robust cybersecurity measures and strict data handling protocols, especially for companies entrusted with sensitive personal and medical information. The Texas AG's investigation will aim to hold any responsible parties accountable and implement safeguards to prevent similar large-scale breaches in the future.