BCBSA A.I CyberSecurity Scoring
BCBSA
Company Information
Website:http://www.bcbs.com
Employees number:5,386
Number of followers:260,104
NAICS:524
Industry Type:Insurance
Homepage:bcbs.com
BCBSA Risk Score (AI oriented)
Between 600 and 649
BCBSAInsurance
Updated:
02/04/2026
02/04/2026
641/1000
Poor
Caa
BCBSA Global Score (TPRM)
xxxx
BCBSAInsurance
Score locked

BCBSAPoor
Current Score
641Caa (POOR)
01000
3 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
649
JUNE 2026
647
MAY 2026
644
APRIL 2026
642
MARCH 2026
639
FEBRUARY 2026
638
JANUARY 2026
635
DECEMBER 2025
632
NOVEMBER 2025
630
OCTOBER 2025
627
SEPTEMBER 2025
624
AUGUST 2025
621
JANUARY 2025
678
Breach
01 Jan 2025 • BCBSA
Blue Cross Blue Shield of Montana (BCBSMT)
Blue Cross Blue Shield of Montana Data Breach via Third-Party Vendor (Conduent)
595
CRITICAL-83
BLU3202332102425
A data breach at Blue Cross Blue Shield of Montana (BCBSMT) was caused by a cyber incident at its third-party vendor, Conduent, which provides back-office services. The breach, detected in January 2025, involved unauthorized access by a threat actor who exfiltrated files containing personal information of 462,000 BCBSMT members. Conduent delayed notifying federal regulators for four months and BCBSMT members for nearly 10 months, raising concerns over compliance with Montana’s breach notification laws. The stolen data included sensitive member information, though Conduent claimed no evidence of it being leaked on the dark web. BCBSMT’s own systems were not directly compromised, but the vendor’s breach exposed member data due to their business relationship. Montana regulators are investigating potential reporting delays, with fines up to $25,000 per violation possible. Conduent incurred $25 million in direct response costs, including cybersecurity forensics and notifications, while maintaining that operations were restored quickly without material disruption.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2024
754
Breach
08 Nov 2024 • BCBSA
Montana Blue Cross-Blue Shield (BCBSMT)
Montana Blue Cross-Blue Shield Data Breach via Third-Party Vendor Conduent
675
CRITICAL-79
BLU1802218102325
Montana Blue Cross-Blue Shield (BCBSMT) suffered a major data breach via a third-party vendor, Conduent, which exposed the private data of 462,000 customers—nearly one-third of Montana’s population. The breach, occurring between November 8, 2024, and March 5, 2025, involved the exfiltration of highly sensitive information, including names, addresses, birth dates, billing and medical data, phone numbers, and other confidential details. While BCBSMT’s own systems remained unaffected, the incident stemmed from Conduent’s cybersecurity lapse, which processed mailroom, payment, and back-office services for the insurer. The breach triggered a state-level investigation by Montana’s Commissioner of Securities and Insurance, citing ‘far-reaching and jaw-dropping consequences’ for residents. Authorities emphasized the violation of trust in safeguarding health and financial data, with potential legal repercussions, including fines up to $25,000 per violation if negligence is proven. As of the report, no customer notifications had been issued by Conduent, heightening concerns over delayed response and exposure risks. The incident underscores critical vulnerabilities in third-party vendor security and the large-scale impact on personal and financial privacy.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2019
772
Breach
28 Sep 2019 • BCBSA
Blue Cross Blue Shield Association
Blue Cross Blue Shield Association Data Breach via fepblue Mobile App
715
LOW-57
BLU721082025
The California Office of the Attorney General disclosed a data breach affecting Blue Cross Blue Shield Association (BCBSA) in December 2019. The incident stemmed from a programming error in the fepblue mobile app, which inadvertently allowed certain adult members to access summary claims information of other users between September 28, 2019, and October 22, 2019. While the exact number of impacted individuals remains undisclosed, the breach did not expose sensitive data such as Social Security Numbers (SSNs) or financial details. The exposed information was limited to claims summaries, suggesting no direct financial harm or identity theft risk. BCBSA addressed the vulnerability by correcting the error and notifying affected parties, though the incident highlighted gaps in application security and access controls. The breach was classified as unintentional, with no evidence of malicious exploitation by external actors.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for BCBSA ??
What was BCBSA's A.I Rankiteo Cyber Score in June 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in May 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in April 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in March 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in February 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in January 2026 ??
What was BCBSA's A.I Rankiteo Cyber Score in December 2025 ??
What was BCBSA's A.I Rankiteo Cyber Score in November 2025 ??
What was BCBSA's A.I Rankiteo Cyber Score in October 2025 ??
What was BCBSA's A.I Rankiteo Cyber Score in September 2025 ??
What was BCBSA's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on BCBSA's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with BCBSA ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view BCBSA's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?