CHATTANOOGA, Tenn. — Dozens of BlueCross BlueShield of Tennessee members are among thousands of people affected by a massive data breach tied to Conduent Business Services that has led to multiple class action lawsuits, according to legal filings and consumer alerts.
Conduent, a third-party company that provides back-office support services including printing, mailroom and document processing, said an unauthorized party accessed part of its network from October 21, 2024, to January 13, 2025.
The company says it only recently completed a detailed review of affected files, which contained personal information for people whose data Conduent processes for its clients, including insurers.
One of our local viewers shared a notice from Conduent’s insurer explaining the breach. The letter says the affected files included members’ names, addresses, dates of birth and Social Security numbers. The company says it is not aware of any attempted or actual misuse of the personal information as of now.
One of our local viewers shared a notice from Conduent’s insurer explaining the breach with BlueCross BlueShield of Illinois, saying the potential exists for customers in Tennessee to be affected.
The letter says the affected files included members’ names, addresses, dates of birth and Social Security numbers. The company says it is not aware of any attempted or actual misuse of the personal information as of now.
“What is unusual about this data breach, in my experience, is the fact that it took over a year to begin reporting it to the general public.”
Brian Flick, an attorney at Dann Law, is representing a plaintiff who is one of dozens now suing Conduent.
“The information that was taken for right now they believe is publicly available is over ten and a half million people.”
The letter from Conduent says BCBS files were accessible from the end of October 2024 to the middle of January 2025: almost three months. Something flick says is not typical in data breaches.
“What was taken when? But also, how did you not have systems in place to know that this may be going on?”
For now, Flick says BCBS and Conduent are the only two companies involved.
But that number could grow….
“I think it’s very reasonable to say that number may increase as subsequent investigations are done.”
Ryan McGee is a class action attorney at Morgan & Morgan who focuses on data privacy.
“That can be any kind of financial fraud. It can be healthcare fraud.”
Conduent claims there hasn’t yet been any indication of actual misuse of the personal information that was accessed.
“But then we also have the time spent to address it immediately, and then the time that it takes to lock your accounts, to go through and monitor your accounts for, you know, the months or even years afterward.”
Frick says with breaches like this, misuse of that information typically starts around 12 to 18 months after it was accessed.
“If people were starting to notice anything bizarre or weird or funky on their credit reports or their financial accounts, now would be about the time.”
According to court records and filings{ }reported by Top Class Actions, at least 9 class action lawsuits have been filed seeking compensation for people whose records were exposed.{ }
If you got a notice from Conduent or BlueCross BlueShield of Tennessee, you may be eligible to join one of the class actions.{ }{ }File photo: Getty Images.
According to court records and filings reported by Top Class Actions, at least 9 class action lawsuits have been filed seeking compensation for people whose records were exposed in this breach.
If you got a notice from Conduent or BlueCross BlueShield of Tennessee, you may be eligible to join one of the class actions.
Attorneys handling the lawsuits are seeking damages on behalf of affected people and may provide updates on deadlines for joining. Reviewing the notices you received and speaking with a lawyer can help clarify your options.
Experts recommend that anyone affected by the breach consider placing a fraud alert or credit freeze with the credit bureaus, regularly check financial statements and credit reports for unusual activity, and be cautious of unsolicited communications that ask for personal information.
Conduent says it is offering two years of free credit monitoring and identity restoration services through a third-party provider. The letter encourages recipients to enroll by March 31st, 2026, and outlines additional steps people can take to protect themselves, including monitoring credit reports and remaining alert for signs of identity theft.
Depend on us to keep you posted on developments in this case and what it means for families in Tennessee.
