MO| The Missouri Department of Commerce and Insurance issued Bulletin 26-05 advising all regulated entities about a cybersecurity breach at Conduent Business Services, LLC, a vendor providing printing, document processing, and other back-office services to insurers, after discovering unauthorized access to part of its network from October 21, 2024, to January 13, 2025, involving files containing names, addresses, and Social Security numbers. Conduent has notified insurers, members, and law enforcement, and is offering affected members 12 months of free credit monitoring and identity restoration services, with an enrollment deadline of April 30, 2026. The Department strongly encourages any insurer or regulated entity that uses Conduent to determine whether its members were affected, ensure members have been notified, post information and the enrollment deadline on their websites, and provide a contact point for member inquiries.
The bulletin also reminds regulated entities of their obligation to report cybersecurity incidents to the Director in accordance with prior Insurance Bulletins 23-04 and 26-01, section 407.1500 RSMo, and the Insurance Data Security Act, and provides separate contact information for Conduent’s dedicated assistance line and the Department’s Market Conduct Section.