The Conduent data breach is one of the largest healthcare-related security incidents in U.S. history, impacting at least 25 million individuals across the country.

Advertisements - Continue reading below

Breach Overview

  • Incident Timeline: Unauthorized access occurred between October 21, 2024, and January 13, 2025.
  • Discovery & Attribution: Conduent detected the intrusion on January 13, 2025; the SafePay ransomware group later claimed responsibility, stating they exfiltrated approximately 8.5 terabytes of data.
  • Scope of Exposure: Compromised data includes full names, addresses, dates of birth, Social Security numbers, health insurance policy details, and sensitive medical information.

Affected Clients

As a third-party processor for government agencies and major corporations, many victims had no direct relationship with Conduent.

  • Healthcare & Insurance: Major impacted clients include Humana, Premera Blue Cross, and several Blue Cross Blue Shield affiliates (Texas, Montana, Illinois, New Mexico).
  • Government Programs: Data from state agencies managing Medicaid, SNAP (food assistance), child support, and unemployment insurance was exposed.
  • State Impact: Texas (15.4 million) and Oregon (10.5 million) have reported the highest numbers of affected residents.

Protective Actions

  • Notifications: Conduent began mailing official notices in October 2025, with many individuals receiving them as recently as March 2026. Notifications are expected to continue through mid-April 2026.
  • Free Services: The company is offering one year of free credit monitoring and identity restoration services through Epiq.
  • Deadlines: Victims generally must enroll in these services by April 30, 2026.
  • Next Steps: Experts strongly recommend freezing your credit at all three major bureaus (Experian, Equifax, and TransUnion) to prevent fraudulent accounts from being opened.

Financial Snapshot

The breach has caused significant financial fallout for Conduent.

  • Stock Performance: Shares have declined significantly, trading at approximately $1.50 as of early 2026, down from a historical high of over $23 in 2018.
  • Direct Costs: The company estimated direct response costs, primarily for notifications and forensics, at roughly $25 million as of early 2026.
  • Legal Risks: A plaintiffs' steering committee was appointed in December 2025 to oversee multidistrict litigation, exposing the firm to potentially massive settlements and regulatory fines.