In a significant legal move, a class-action lawsuit has been filed against a prominent business process outsourcing and technology company over a massive data breach that compromised sensitive personal information. The complaint was lodged by plaintiffs James Hurd and Brandt Pettersen in the United States District Court for the District of New Jersey on November 17, 2025, targeting Conduent Business Services, LLC. This case underscores the critical need for robust data security measures in an era where cyber threats are increasingly prevalent.
The lawsuit stems from an unauthorized access incident that began on October 21, 2024, when cybercriminals infiltrated Conduent’s network. This breach resulted in the theft of personally identifiable information (PII), including names, addresses, dates of birth, and Social Security numbers of individuals whose data was maintained by Conduent on behalf of clients like Blue Cross and Blue Shield of Illinois (BCBSI). Plaintiffs Hurd and Pettersen allege that Conduent’s negligence in implementing adequate data security measures led to this breach. “None of this would have occurred if Conduent had implemented reasonable data security measures,” states the complaint.
The plaintiffs claim that they have suffered concrete injuries due to the breach. For instance, James Hurd experienced multiple incidents of identity theft following the breach, with unauthorized attempts to take out loans using his personal information reported from various financial institutions such as OneMain Financial and Avant. Both plaintiffs argue that they were unaware their PII was being handled by Conduent until they received breach notifications on November 4, 2025. They assert that Conduent failed to inform them about its possession of their PII or its subsequent exposure due to inadequate cybersecurity protocols.
Hurd and Pettersen seek damages for their injuries and demand injunctive relief to ensure future protection of their data stored by Conduent. They accuse the company of violating Section 5 of the FTC Act by not adhering to industry standards for safeguarding PII. The plaintiffs are pushing for certification of their proposed class action, representing all U.S. residents affected by this breach—estimated at around 10.5 million individuals—and seek restitution or disgorgement alongside other forms of relief deemed appropriate by the court.
Representing Hurd and Pettersen are attorneys Neil Grossman from Bronstein, Gewirtz & Grossman LLC; Michael J. Boyle Jr.; and Peretz Bronstein—all seasoned litigators in complex cases involving data breaches. The case is presided over under Civil Action No: 2:25-cv-17620.
Source: 225cv17620_Hurd_v_Conduent_Business_Services_LLC_Complaint_District_New_Jersey.pdf
