Cognizant Faces Surge in Class-Action Lawsuits Over TriZetto Data Breach That Lasted Nearly a Year

Cognizant Faces Surge in Class-Action Lawsuits Over TriZetto Data Breach That Lasted Nearly a Year

Breach Timeline Exposes Critical Gaps in Cybersecurity Oversight

Look, this isn’t just another data breach. This one’s got teeth. Cognizant Technology Solutions is now under fire from a wave of class-action lawsuits over a prolonged security failure at its healthcare claims processing arm, TriZetto Provider Solutions (TPS). The legal actions were filed in late December 2025—right in the middle of a quiet season for court filings—and they’re coming out of federal courts in New Jersey and Missouri.

The core of the complaint? At least 100 people across multiple states had their personal data exposed for nearly a full year. The breach started as early as November 2024 and wasn’t caught until October 2, 2025. That’s 13 months of silence.

And here’s where it gets unsettling: the company didn’t just miss the breach. They didn’t even notice it. According to court documents obtained by Bloomberg Law, hackers got into TPS systems during the fourth quarter of 2024—then just… vanished from view. No alarms. No alerts. No one saw it coming.

That’s not just bad luck. That’s a breakdown. It raises questions about whether Cognizant actually has a working cybersecurity system—or if it’s just papering over the cracks with fancy-sounding terms like “proactive monitoring” and “real-time threat detection.”

Plaintiffs Claim Systemic Failures in Notification and Transparency

Now, let’s talk about what the people affected are saying.

They’re not just mad because their data got leaked. They’re furious because Cognizant didn’t tell them anything that mattered.

The official statements? Vague. Generic. Like a corporate memo written by someone who’s never seen a data breach. No details on what was stolen. No explanation of how it happened. No concrete steps taken to stop it or fix it.

That’s a problem. Because when you’re dealing with Social Security numbers, bank account info, and your home address—especially in healthcare, where people already share deeply personal medical and financial histories—being left in the dark is like walking into a storm without a map.

The plaintiffs argue that Cognizant had both the tools and the responsibility to catch this earlier. But instead of acting fast, they waited. And waited. And waited.

And when they finally did respond? It was like a polite but empty apology.

A Growing Concern in Healthcare IT Security

This isn’t an isolated case. It’s part of a bigger pattern in healthcare tech.

TPS handles claims for insurers and providers—meaning it sees everything from prescription details to income levels. That’s a lot of sensitive data. And when that data is sitting in a system that’s not being watched, it’s like leaving a front door open to a whole neighborhood.

A breach that lasts over a year? That’s not just a glitch. That’s a systemic failure.

The reality is, Cognizant may have been relying on outdated tools, skipping regular penetration tests, or not setting up real-time anomaly detection. In a sector where HIPAA compliance is non-negotiable, this kind of negligence isn’t just risky—it’s reckless.

And if regulators find out, they’re not going to be kind.

Company Response: Apology Without Accountability

So what did Cognizant say?

A TriZetto spokesperson issued a statement: “We take the protection of information very seriously and regret any inconvenience this incident may have caused.”

That’s all.

No numbers. No timeline. No explanation. No plan.

And here’s the thing—this kind of response doesn’t just disappoint victims. It makes them feel like they’re being treated like a footnote.

Dr. Elena Martinez, a cybersecurity professor at the University of Illinois, put it bluntly: “A public apology without accountability, transparency, or a clear action plan is not enough. Victims need to know not just that something went wrong, but how it happened, who was responsible, and what will change to prevent recurrence.”

Cognizant hasn’t shared how much money the breach cost. They haven’t even confirmed how many people were actually affected.

That silence? That’s just as damaging as the breach itself.

What Comes Next?

The lawsuits could go far beyond just compensation. If they win, Cognizant might have to pay millions—maybe even tens of millions—to the people whose data was exposed.

And more than that, this case could set a new standard for how healthcare IT companies are held responsible.

Federal regulators might start looking harder at cybersecurity practices in claims processing. Because when you’re handling financial and personal data, it’s not just about compliance. It’s about trust.

And trust isn’t something you build overnight. It’s something you lose in a single, quiet moment.

Right now, the breach is a stark reminder: even the most trusted tech firms aren’t immune to cyberattacks. And when they fail to act—when they let a breach go unnoticed for over a year—there’s no such thing as a “small” consequence.

It’s not just legal. It’s ethical. It’s human.

And that’s what makes this case so serious.