Over 10.5 Million Affected in Conduent Data Breach

WASHINGTON — More than 10.5 million individuals are being notified by Conduent Business Services of a significant data breach. The breach occurred when unauthorized third parties accessed the company’s network, starting on October 21, 2024, and remaining undetected until January 13, 2025.

Conduent, which provides services including medical billing and payment processing for government agencies, has filed reports with state attorney general offices detailing the incident. The breach has affected customers across multiple states, including over 4 million in Texas and 76,000 in Washington.

The customer notifications sent out in October 2025 state that the hackers stole sensitive information that may include names, Social Security numbers, dates of birth, medical details, and health insurance information. This breach ranks as the eighth largest in healthcare history, according to reports from HIPPAJournal.com.

In February 2025, the SafePay ransomware group claimed responsibility for the breach, stating they had stolen 8.5 terabytes of data. Conduent has been cooperating with investigators and has employed a review team to analyze the affected files.

Despite the extent of the breach, Conduent has not offered identity theft protection services to affected customers. Instead, their notifications encourage individuals to obtain free credit reports and consider placing freezes on their credit as protective measures.

“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement,” Conduent stated in its customer notice. As of now, the company claims it has not found evidence of the stolen data being used for fraudulent activities.