Back to Research
Conduent Data Breach: 25+ Million Americans Impacted in One of the Largest U.S. Cyber Incidents
2026-02-24
incident-analysis

Conduent Data Breach: 25+ Million Americans Impacted in One of the Largest U.S. Cyber Incidents

How a third-party government contractor breach escalated into a multi-state crisis involving healthcare data, regulatory probes, and potential class actions.

What began as a "limited network incident" in early 2025 has now expanded into what officials are calling potentially the largest government-related data breach in U.S. history.

Conduent Business Services, LLC—a major government technology and business process outsourcing (BPO) provider—confirmed that an unauthorized third party accessed its systems between October 21, 2024, and January 13, 2025.

That access window lasted nearly three months.

During that time, files containing sensitive personal and medical information tied to clients across multiple states were exfiltrated. New state-level filings now indicate the number of impacted individuals may exceed 25 million Americans—and the total could still rise.

What Happened?

According to Conduent's official notification letter, the company discovered the incident on January 13, 2025, after identifying suspicious activity affecting a limited portion of its network.

Upon discovery, Conduent immediately:

  • Secured affected systems.
  • Engaged third-party forensic investigators.
  • Notified law enforcement.
  • Began data analysis to determine impacted individuals.

From the official notification letter:

"An unauthorized third party had access to our environment from October 21, 2024, to January 13, 2025, and obtained some files associated with [Client Name]."

While the company states it has no evidence of actual misuse of personal information at this time, the sheer volume of data taken has raised alarms nationwide.

👉 View the Official Conduent Data Breach Notification Letter (PDF)

The Scope: Why This Breach Is So Significant

Early estimates significantly understated the scale of the intrusion. Recent regulatory disclosures have revealed staggering numbers:

  • Texas: 15.4 million affected (revised up from an initial 4 million estimate).
  • Oregon: 10.5 million affected.
  • Other States: Additional notices have been filed across Delaware, Massachusetts, New Hampshire, Georgia, South Carolina, New Jersey, Maine, and New Mexico.

Combined figures already exceed 25 million people. Texas Attorney General Ken Paxton has launched a formal investigation, stating:

"The Conduent data breach was likely the largest breach in U.S. history."

While seemingly smaller than the 2024 Change Healthcare breach (193M affected), this incident ranks among the largest government-contractor breaches ever disclosed.

Who Is Conduent—And Why This Matters

As a critical third-party vendor for government and healthcare clients, the Conduent breach is a case study in the widespread impact of third-party risk.As a critical third-party vendor for government and healthcare clients, the Conduent breach is a case study in the widespread impact of third-party risk.

Conduent is not a consumer-facing tech company. It operates deep in the background of the U.S. infrastructure, handling:

  • Healthcare claims processing
  • Government benefit administration
  • Payment processing and tolling
  • Secure mailroom services

Reportedly impacted clients include:

  • Blue Cross Blue Shield entities
  • Major healthcare insurers
  • State government programs
  • Large corporate accounts

This makes the breach particularly serious. It isn't just a single company's data at risk; it exposes the dangers of third-party vendor concentration. When one major processor is hit, the ripple effect is felt by millions of citizens across dozens of different services.

What Data Was Potentially Exposed?

According to claims made by ransomware groups and subsequent regulatory reporting, the stolen data profile is highly sensitive:

  • Full names
  • Social Security numbers
  • Physical addresses
  • Dates of birth
  • Medical information
  • Health insurance details

The ransomware group Safepay claimed responsibility for the attack, stating they stole 8–8.5 terabytes of data. The group allegedly posted the breach on its dark web leak site in early 2025. Conduent has not publicly confirmed the specific data volume claimed by the attackers.

Timeline of the Incident

  • October 21, 2024 – January 13, 2025: Unauthorized access occurs within a "limited portion" of Conduent’s network.
  • January 13, 2025: Incident discovered. Systems secured and forensic investigation initiated.
  • April 9, 2025: SEC Form 8-K filed, officially disclosing data exfiltration and potential notification costs.
  • Late 2025 – February 2026: Notification letters sent to affected individuals on behalf of corporate and state clients.
  • February 2026: Texas AG investigation announced. Class action lawsuits begin mounting.

Financial and Legal Fallout

The costs of this breach are mounting rapidly. Conduent’s filings estimate approximately $25 million in non-recurring costs related to:

  • Forensic investigations
  • Consumer notification letters
  • Call center support
  • Legal defense
  • Credit monitoring services

Legal Pressure: Multiple class action lawsuits have already been filed alleging negligence, failure to safeguard sensitive information, and breach of contract. Regulatory Exposure: The company faces potential scrutiny from State Attorneys General, HIPAA compliance auditors, and the FTC.

What Affected Individuals Should Do

If you receive a notification letter, Conduent advises taking the following steps immediately:

  1. Monitor Credit Reports: Check for unauthorized accounts or inquiries.
  2. Place a Fraud Alert: Contact one of the three major credit bureaus.
  3. Consider a Credit Freeze: This locks your credit file so no new accounts can be opened.
  4. Enable Multi-Factor Authentication: Secure your existing accounts.
  5. Watch for Phishing: Be suspicious of emails or calls claiming to be from Conduent or your insurer.

You can request free annual credit reports at: www.annualcreditreport.com

Final Thoughts

The Conduent breach is more than just a cybersecurity statistic; it is a wake-up call regarding supply chain risk.

If confirmed at current levels, this breach will reshape vendor security expectations across insurance, healthcare, and government contracting. For millions of Americans, it may also become a long-term identity protection issue. As investigations continue, transparency and regulatory outcomes will determine how this incident ultimately defines Conduent’s future.

Disclaimer: This article is for informational and cybersecurity awareness purposes only. Information is based on publicly available filings, media reports, and official notices at the time of writing.