Federal Judge Consolidates Nine Data Breach Lawsuits Against Cognizant Technology Solutions

The consolidation affects plaintiffs across multiple lawsuits filed between February and March 2026, all stemming from a data security incident involving Cognizant Technology Solutions Corporation, a major IT services provider, and its subsidiary TriZetto Provider Solutions, which provides healthcare revenue cycle management software. The consolidated cases include Wolf v. TriZetto Provider Solutions, Whiteside v. TriZetto Provider Solutions, Lee v. Cognizant Technology Solutions Corporation, Patterson v. Cognizant Technology Solutions Corporation, Madoff v. Cognizant Technology Solutions Corporation, Sawyer v. TriZetto Provider Solutions, Vaughn v. Cognizant Technology Solutions Corporation, Buser v. TriZetto Provider Solutions, and Billingslea v. Cognizant Technology Solutions Corporation.

Judge Espinosa's order followed a March 10, 2026 ruling by U.S. District Judge Madeline Cox Arleo that established the framework for consolidation. As Judge Arleo had directed, "any actions related to the Actions that are subsequently filed in or transferred to this District, or to be filed or transferred, shall be consolidated herewith." The plaintiffs' counsel requested the additional consolidations after nine new cases were filed following their initial February 2 letter seeking consolidation.

The wave of litigation suggests the data security incident affected a substantial number of individuals, with plaintiffs represented by multiple law firms filing separate actions in rapid succession throughout early 2026. The cases were filed across a two-month period from February through March, indicating the scope and timing of when affected parties became aware of the breach.

The consolidated action originated as In re: Cognizant/TriZetto Data Security Incident, Civil Action No. 2:25-cv-18908-MCA-AME, with initial plaintiffs including Gayle Burge, Ana Lamaire, Natanya Pope, and Norberto Claudio. The case has been assigned to Judge Arleo with Judge Espinosa serving as the magistrate judge overseeing procedural matters.

Plaintiffs' counsel at Cafferty Clobes Meriwether & Sprengel requested the consolidation in a letter to the court, arguing that the nine additional actions "arise out of the same data security incident" as the existing consolidated proceeding. The firm's request was straightforward, asking the court to "direct the Clerk to consolidate these actions into this consolidated proceeding."

The consolidation order represents standard case management in data breach litigation, where multiple plaintiffs often file similar claims against the same defendants following a security incident. By consolidating the cases, the court can avoid duplicative discovery, conflicting rulings, and inefficient use of judicial resources while ensuring consistent treatment of similar claims.

The details of the underlying data security incident remain unclear from the court filings, though the involvement of both Cognizant and TriZetto suggests the breach may have affected healthcare-related data given TriZetto's role in healthcare revenue cycle management. The timing of the lawsuits, filed primarily in early 2026, suggests the incident likely occurred in late 2025 or early 2026.

With consolidation now complete, the cases will proceed under Judge Arleo's supervision as a single coordinated proceeding, likely leading to consolidated discovery and potentially class certification motions as the litigation develops.