JEFFERSON CITY, Mo. — Today, the Missouri Department of Commerce and Insurance (DCI) issued Bulletin 26-08, requesting insurance companies to share information about any services utilized through Conduent Business Services or its affiliates following the recently disclosed cybersecurity breach.
Conduent is a major vendor that provides document processing services, including receipt of insurance claim forms, payment integrity services, and other back-office support services to a variety of entities, including insurers.
“We are concerned and disappointed that Conduent has not provided sufficient information for regulators to fully assess the potential impact of this breach,” DCI Director Angela Nelson said. “Clear and timely communication is critical in these situations, and we are continuing to seek the details needed to evaluate any risk to Missouri insurance consumers.”
According to media reports, Conduent discovered in January 2025 that an unauthorized third party had access to a portion of its network from Oct. 21, 2024, to Jan. 13, 2025. The affected files contained names, addresses, social security numbers and medical records. The full scope of the breach remains under investigation, but some reports suggest that tens of millions of Americans – potentially 25 million or more – could be affected.
Since the issuance of Bulletin 26-05 on March 17, 2026, DCI has been in direct contact with Conduent to better understand the breach and its impact on Missouri insurance consumers, and to ensure that Missourians receive the identity protection assistance they deserve. To date, Conduent has been unwilling to provide the department with the information needed to assess the impact of what is reportedly one of the largest cybersecurity breaches in U.S. history.
To help guide the department’s response, Bulletin 26-08 requests insurers to share information about any Conduent services utilized, or those of its affiliates, prior to or during the time period of the breach, as well as the nature of those services.
DCI also urges consumers to remain alert and take proactive steps to safeguard their personal information as the investigation continues.
“We are committed to using every tool available to understand the scope of this incident and to ensure Missourians have the information and resources needed to protect themselves," Director Nelson said.
Consumers who received notification letters from Conduent regarding the breach should review those communications carefully and continue to monitor their financial and credit activity. While the deadline to enroll in some complimentary services has passed, individuals are still encouraged to take steps to protect their personal information, monitor financial accounts, check credit reports and consider fraud alerts or credit freezes.
Questions relating to the Conduent cybersecurity breach may be directed to Conduent’s dedicated toll-free assistance line at 877-332-1658, Monday through Friday from 9 a.m. to 9 p.m. ET.
DCI is charged with protecting Missouri consumers through oversight of the insurance industry, banks, credit unions, utilities and various professional licensees operating in the state. For more information about the department, please visit our website at dci.mo.gov.