MO| The Missouri Department of Commerce and Insurance issued Insurance Bulletin 26-08 on May 5, 2026, as an addendum to Bulletin 26-05, to address the Conduent Business Services, LLC cybersecurity breach and its impact on Missouri-regulated entities and consumers. Conduent, which provides document processing, payment integrity, and back-office services to insurers and others, discovered on January 13, 2025 that an unauthorized third party had accessed part of its network from October 21, 2024 to January 13, 2025, exposing files containing names, addresses, Social Security numbers, and medical records, with media estimates that 25 million or more Americans may have been affected.
The Department reports that despite ongoing contact since Bulletin 26-05, Conduent has been unwilling to provide sufficient information for the Department to assess the breach’s impact on Missouri insurance consumers, prompting the Department to:
- remind all regulated entities to review and comply with the steps in Bulletin 26-05,
- request that any insurer or regulated entity that used Conduent or its affiliates during the breach period contact the Market Conduct Section and disclose the nature of services received, and
- reiterate entities’ obligations to report cybersecurity events to the Director using the Department’s online notification form and related guidance in Insurance Bulletins 26-01 and 23-04, Section 407.1500 RSMo, and the Insurance Data Security Act, while also providing contact channels for questions to both the Department (cyberbreach@insurance.mo.gov, marketconduct@insurance.mo.gov) and Conduent.