Conduent Data Breach Exposes 10.5 Million People’s Information
▼ Summary
– Conduent’s 2024 data breach has impacted over 10.5 million people, with the largest reported number from Oregon’s government.
– The exposed data includes names, Social Security Numbers, dates of birth, health insurance details, and medical information.
– Although the breach was discovered in January 2025, the systems were initially compromised on October 21, 2024.
– Conduent stated there is no evidence of data misuse as of October 24, 2025, but the actual impact may be larger due to unreported figures from other states.
– The company linked the incident to a cybersecurity event and a ransomware gang, with stolen files containing customer and client data disclosed in an SEC filing.
A significant data breach at the business services firm Conduent has compromised the personal information of more than 10.5 million individuals, based on notifications submitted to US authorities. The company, which specializes in providing digital platforms and business process outsourcing for both government and corporate clients, began alerting affected people this month. Official filings from the Oregon government alone confirm the exposure of data belonging to 10.5 million people.
Additional notifications posted on the Texas Attorney General’s website indicate millions more were impacted, approximately 4 million in Texas, 76,000 in Washington, and several hundred in Maine. Because Conduent works with numerous other states that have not yet released specific figures, the true scale of the incident could be substantially larger.
Sensitive personal details were exposed in the breach, including names, Social Security numbers, complete dates of birth, health insurance policy or identification numbers, and medical records. Despite the severity of the exposure, Conduent stated in its notification that as of October 24, 2025, it had not found evidence indicating misuse of the stolen information.
The incident traces back to a cybersecurity event earlier this year. Conduent initially experienced a service outage, which the company later confirmed resulted from a security breach. Although Conduent did not publicly identify the perpetrators, the Safepay ransomware gang claimed responsibility for the attack toward the end of February.
By April, the firm reported in an SEC filing that threat actors had successfully exfiltrated files containing sensitive customer and client data. A subsequent investigation revealed the full scope of the breach, determining that although the intrusion was detected in January 2025, attackers had first gained access to Conduent’s systems months earlier, on October 21, 2024.
Affected individuals are being advised to review their credit reports and consider placing fraud alerts or security freezes on their accounts. Notably, Conduent has not offered complimentary identity theft protection or credit monitoring services to those impacted by this incident.
(Source: Bleeping Computer)
