Conduent Data Breach Exposes Data of 10.5 Million People
▼ Summary
– Over 10.5 million individuals were affected by a 2024 data breach at Conduent Business Services, with customer notifications sent in October 2025.
– The breach was discovered on January 13, 2025, after an unauthorized third party had access to Conduent’s systems for nearly three months starting October 21, 2024.
– Compromised data includes names, Social Security numbers, dates of birth, medical information, and health insurance details.
– The SafePay ransomware gang claimed responsibility in February 2025, stating they stole 8.5TB of data and emerged as a highly active group in October 2024.
– Conduent provides critical services to government health programs and toll systems, and this breach is ranked the eighth largest healthcare data breach of all time by HIPPA Journal.
A significant cybersecurity event at Conduent Business Services has compromised the personal information of more than 10.5 million individuals, marking one of the most substantial data breaches in recent history. The company has formally notified affected customers and submitted detailed filings to multiple state attorney general offices, underscoring the extensive scope of this incident across numerous jurisdictions.
According to documents submitted to the Oregon Department of Justice, the breach impacted over ten million people, with official customer notifications dispatched in October 2025. The incident had a particularly severe effect in Texas, where over four million residents had their data exposed, alongside 76,000 individuals in Washington and several hundred more in Maine.
Conduent first detected the unauthorized system access on January 13, 2025. Further investigation revealed that an outside party had infiltrated the company’s network nearly three months earlier, with initial access dating back to October 21, 2024. During this extended period, the intruders operated within Conduent’s systems without detection.
The organization has since collaborated with a specialized review team to thoroughly analyze compromised files and determine exactly what personal information was accessed. Affected individuals have received confirmation that their specific data was included in the breached files. The stolen information potentially includes highly sensitive details such as names, Social Security numbers, dates of birth, medical records, and health insurance information.
In February 2025, the SafePay ransomware gang publicly claimed responsibility for the cyberattack, boasting they had successfully exfiltrated approximately 8.5 terabytes of data. This criminal organization first appeared in October 2024 and has rapidly become one of the most prolific ransomware groups operating globally.
Conduent plays a critical role in providing essential business support services, including third-party printing and mailroom operations, document processing, payment integrity verification, and various back-office functions. The company serves an estimated 100 million Americans through government health programs, manages several of the nation’s largest toll systems, and handles government payment distributions for federally funded benefit programs and payment card services.
The HIPPA Journal has ranked this security incident as the eighth largest healthcare data breach ever recorded. What remains unclear is how many of the compromised records fall under the regulatory purview of the Health Insurance Portability and Accountability Act (HIPAA), as this determination affects the legal implications and reporting requirements surrounding the breach.
(Source: Info Security)
