What is the basis of the class action complaint?

The new class action complaints arise from an alleged data breach that occurred nearly a year ago, around November 2024, when unauthorised individuals infiltrated TriZetto’s network systems. The company identified the breach on October 2, 2025. The complaints allege that the companies failed to properly implement data security practices and failed to audit, monitor, or ensure the integrity of their data security systems. They also allege that the companies failed to comply with security mandates under the Federal Trade Commission (FTC) and the Health Insurance Portability and Accountability Act (HIPAA).

Who are the parties, and where are the cases filed?

Currently, two class action complaints have been filed in the United States. One has been filed in the District Court for the District of New Jersey against Cognizant Technology Solutions and its subsidiary, TriZetto Provider Solutions. Another has been filed in the Eastern District of Missouri against Cognizant and Blue Cross Blue Shield of Rhode Island.

TriZetto operates in the healthcare space, providing software services to healthcare providers and insurers, including automating patient eligibility checks and claims processing. One of the class action complaints in New Jersey has been instituted by Lisa Scorpio, while the other has been filed by Liam Lytle, Maricruz Jimenez, and Carson Noel. Both complaints have also been instituted on behalf of other individuals who were allegedly affected by the data breach.

What are the details of the data breach?

The alleged cyberattack referenced in the lawsuits relates to a data breach that occurred around November 2024, involving unauthorised access to TriZetto’s network systems. However, TriZetto identified the breach only recently, around October 2, 2025.

According to the complaints, the breach resulted in cyber attackers gaining access to unencrypted personally identifiable information stored within the company’s systems. The complaints also allege that the company has not issued any public disclosure regarding the data breach and failed to notify individuals whose data was affected by the incident.

What relief are the plaintiffs seeking?

The lawsuits seek certification of the cases as class actions and request directions requiring Cognizant and TriZetto to engage independent third-party security auditors and penetration testers, as well as internal security personnel, to conduct periodic testing, including simulated attacks, penetration tests, and audits of their systems. The suits also seek orders directing the companies to promptly address and rectify any issues identified by such audits.

In addition, the plaintiffs are seeking appropriate monetary relief, including actual damages, statutory damages, nominal damages, equitable relief, and restitution related to the data breach.