What You Need to Know about the Conduent Data Breach

Conduent, Inc. is a major business process services company headquartered in Florham Park, New Jersey. Founded in 2017 as a spin-off from Xerox Corporation, the company provides technology-enabled business solutions to government agencies and Fortune 100 companies across 22 countries. With approximately 56,000 employees and $3.4 billion in annual revenue, Conduent manages critical back-office operations, including medical billing, Medicaid administration, child support payment systems, toll transactions, and food assistance programs.

The company plays a vital role in the United States healthcare and social services infrastructure, supporting approximately 100 million residents across 46 states through various government health programs. Conduent processes roughly $85 billion in annual disbursements and handles over 2 billion customer service interactions every year. Because of this extensive reach, when Conduent experiences a cybersecurity incident, the impact affects millions of Americans who may never have heard of the company but whose sensitive information Conduent handles on behalf of state agencies and healthcare providers.

In January 2025, Conduent discovered a significant cybersecurity incident that compromised its network systems. The ransomware attack, claimed by the SafePay cybercriminal group, reportedly resulted in the theft of approximately 8.5 terabytes of sensitive data. What initially appeared to affect approximately 4 million people in October 2025 has since ballooned into one of the largest healthcare data breaches in U.S. history, ranking as the eighth-largest on record. As of February 2026, over 25 million Americans are now confirmed to be impacted.

The breach exposed highly sensitive information, including names, Social Security numbers, dates of birth, medical records, health insurance details, and treatment information. In Texas alone, more than 15.4 million individuals were affected. Oregon reported another 10.5 million affected residents. Affected individuals include patients of Blue Cross Blue Shield of Texas, Blue Cross Blue Shield of Montana, Premera Blue Cross, Humana, and participants in state-run Medicaid programs, child support systems, and food assistance programs.

When Was the Conduent Data Breach?

The Conduent data breach began on October 21, 2024, when unauthorized individuals first gained access to the company's network. However, the intrusion went undetected for nearly three months, giving cybercriminals ample time to exfiltrate massive amounts of sensitive data from Conduent's systems without triggering security alerts.

Conduent discovered the breach on January 13, 2025, after detecting what it described as an "operational disruption" affecting its network. The discovery came only after several states reported service outages disrupting critical government programs. In Wisconsin, for instance, parents and beneficiaries were unable to process child support payments due to system downtime.

Upon discovering the intrusion, Conduent immediately engaged third-party cybersecurity experts to investigate the incident. The investigation confirmed that hackers had maintained unauthorized access from October 21, 2024, until the network was secured on January 13, 2025. During this nearly three-month window, they exfiltrated files containing personal and protected health information associated with Conduent's government and corporate clients.

The SafePay ransomware group publicly claimed responsibility for the attack in February 2025, threatening to publish 8.5 terabytes of stolen data unless a ransom was paid. Conduent is no longer listed on the SafePay leak site as of early 2026, though the company has not disclosed whether it paid the ransom. SafePay is a relatively new ransomware operation that emerged in late 2024 and has since become one of the most active ransomware groups globally.

Notification letters to affected individuals began in October 2025, nearly one year after the initial breach occurred. The initial reports suggested approximately 4 million people in Texas and 10.5 million nationwide were affected. 

However, as Conduent's investigation progressed, the victim count grew dramatically. By February 2026, the number in Texas alone had surged to over 15.4 million, representing more than half of the state's population.

How to Check If Your Data Was Breached

If you were affected by the Conduent data breach, you should have received a notification letter by mail. Conduent began sending these letters in October 2025, and expects to complete all consumer notifications by April 15, 2026. However, if you think your information may have been exposed but have not received a letter, there are several ways to check:

• Monitor your explanation of benefits (EOB) statements from your health insurance provider for medical services, procedures, or prescriptions you did not receive. Fraudulent claims could indicate your health information was compromised.
• Check your credit reports from all three major credit bureaus for unfamiliar accounts, unauthorized credit inquiries, or addresses you have never lived at. You are entitled to one free credit report from each bureau annually at AnnualCreditReport.com.
• Use reliable data breach-check websites to see if your email address or phone number has appeared in known data leaks or is circulating on the dark web.
• Be alert for an unusual increase in spam emails, text messages, or phone calls, particularly those claiming to be from Conduent, your health insurance provider, or government agencies.
• Review your bank and credit card statements for unauthorized charges or suspicious transactions.

What to Do If Your Data Was Breached

If you received a notification letter confirming your information was exposed, take immediate action. Conduent is offering affected individuals two years of free credit monitoring and identity restoration services through a third-party provider. You must enroll by March 31, 2026. This is a firm deadline, and enrollment windows are typically non-negotiable. The services include dark web monitoring, credit report tracking from all three bureaus, identity theft insurance, and fully managed identity recovery assistance.

Importantly, accepting free credit monitoring does not waive your right to participate in class action lawsuits or recover cash compensation if settlements are reached in the future.

Consider placing a fraud alert on your credit file with one of the three major credit bureaus. When you place a fraud alert with one bureau, it will notify the other two. A fraud alert makes it more difficult for identity thieves to open new accounts in your name, as creditors must verify your identity before extending credit. Fraud alerts are free and remain active for one year.

For stronger protection, consider placing a credit freeze on your credit reports with Experian, Equifax, and TransUnion. A credit freeze prevents new creditors from accessing your credit report, making it nearly impossible for thieves to open new accounts in your name. Credit freezes are free and remain in place until you choose to lift them.

If your Social Security number was compromised, be especially vigilant for tax-related fraud. Identity thieves may attempt to file fraudulent tax returns in your name. Consider filing your tax return as early as possible each year, and request an Identity Protection PIN (IP PIN) from the IRS for added security.

Be extremely cautious of phishing attempts. Cybercriminals may use the stolen data to craft convincing emails, text messages, or phone calls pretending to be from legitimate organizations. Always verify the identity of anyone contacting you about the breach through an independent communication channel before providing any information.

Are There Any Lawsuits Because of the Data Breach?

Yes. As of February 2026, at least 10 federal class action lawsuits have been filed against Conduent Business Services in the U.S. District Court for the District of New Jersey. The lawsuits have been consolidated under Judge Michael A. Hammer. On December 22, 2025, Judge Hammer appointed an eight-member Plaintiffs' Steering Committee to coordinate the litigation.

The lawsuits claim Conduent was negligent in failing to implement adequate cybersecurity safeguards to protect sensitive information. Plaintiffs argue that as a business associate under HIPAA, Conduent had a legal duty to implement industry-standard security measures. The complaints also take issue with the nearly 10 months it took to notify most affected individuals after the breach was discovered.

The lawsuits assert claims including negligence, breach of contract, violations of the Federal Trade Commission Act, and violations of state consumer protection laws. The complaints seek compensatory damages, statutory damages, punitive damages, and court orders requiring Conduent to implement enhanced cybersecurity measures.

No settlement has been reached as of February 2026. If you received a Conduent data breach notification letter, you are automatically part of the class action lawsuits unless you choose to opt out. Accepting the free credit monitoring services does not prevent you from participating in the class action or recovering compensation if a settlement is reached.

Can My Conduent Information Be Used for Identity Theft?

Yes. The information exposed in the Conduent data breach can be used for identity theft and various forms of fraud. The breach compromised some of the most sensitive categories of personal information, including names, Social Security numbers, dates of birth, medical records, health insurance details, and addresses.

With your Social Security number, thieves can open new credit card accounts, apply for loans, establish utility services, or secure employment while impersonating you. They may also file fraudulent tax returns in your name to claim tax refunds. Because Social Security numbers are permanent identifiers, the risk posed by their exposure persists indefinitely.

Your health insurance information is particularly valuable to criminals. With your health insurance details, thieves can obtain prescription medications, receive medical treatments, or undergo procedures in your name. When this happens, fraudulent information becomes part of your permanent medical records, which can lead to dangerous situations if you need emergency care and your records contain inaccurate information about allergies, blood type, or previous treatments.

Criminals can also file false claims with your health insurance provider for services they never rendered, depleting your insurance benefits and potentially leaving you with unexpected bills. Medical identity theft is particularly difficult to detect and resolve because you may not discover it until you receive an explanation of benefits statement or are denied coverage.

The combination of your name, date of birth, address, and phone number enables criminals to create highly personalized phishing attacks. They may contact you pretending to be representatives of legitimate organizations to trick you into divulging additional sensitive information such as passwords or financial account numbers.

What Can You Do to Protect Yourself Online?

Data breaches affecting millions of people have become alarmingly common. However, you can take proactive steps to protect your personal and financial information:

• Enable two-factor authentication (2FA) on all your online accounts, especially email, banking, healthcare portals, and government benefit accounts. When activated, 2FA requires two forms of identification—typically your password plus a code sent to your phone or generated by an authentication app.
• Create strong, unique passwords for every online account. Each password should be at least 12 to 15 characters long and include uppercase and lowercase letters, numbers, and special characters. Never reuse passwords across multiple accounts. Consider using a password manager to generate and securely store complex passwords.
• Be cautious about information you share on social media. Avoid posting your birthdate, hometown, mother's maiden name, or other information commonly used in security questions. Review and adjust your privacy settings to limit who can see your posts.
• Install and maintain reputable antivirus and anti-malware software on all your devices. Keep this security software up to date with the latest virus definitions and security patches.
• Keep your operating systems, web browsers, and applications updated with the latest security patches. Enable automatic updates whenever possible to ensure you receive important security fixes.
• Exercise caution when using public Wi-Fi networks. Avoid accessing banking websites, entering passwords, or sharing sensitive information while connected to public Wi-Fi. If you must use public Wi-Fi for sensitive transactions, use a virtual private network (VPN) to encrypt your connection.
• Be vigilant for phishing attempts delivered through email, text messages, or phone calls. Warning signs include poor grammar, generic greetings, urgent or threatening language, suspicious sender addresses, and requests for personal information. When in doubt, contact the organization directly using a phone number or website you independently verify.
• Before entering sensitive information on any website, verify it is secure by checking for "https://" at the beginning of the URL and a padlock icon in your browser's address bar. Always verify you are on the correct website by carefully checking the URL.
• Monitor your financial accounts and credit reports regularly for signs of unauthorized activity. Review your bank and credit card transactions at least weekly. Check your credit reports from all three bureaus at least once per year through AnnualCreditReport.com.

Consider enrolling in a dark web monitoring service or identity theft protection service, especially if your information has been exposed in a data breach. These services continuously scan for your personal information and alert you if your data is being traded or sold illegally.