A massive data breach at Conduent, a major business services provider handling healthcare billing and other sensitive data, has compromised the personal information of 10.5 million individuals. The incident, discovered in January 2025 but stretching back to October 2024, exposed names and, crucially, Social Security numbers to an unauthorized third party. This makes it one of the largest healthcare data breaches ever recorded.
Scale and Scope of the Breach
The breach affected nearly 10.5 million people, placing them at elevated risk of identity theft and fraud. Conduent has notified state attorneys general and affected individuals, though the full extent of exposed data remains unclear. While not all 10.5 million had their SSNs exposed, the inclusion of this critical identifier in some records makes the breach particularly severe.
The company’s business model grants it access to highly sensitive data, handling medical billing, Medicaid screening, and even toll collection for governments and private organizations worldwide. This broad reach explains why so many individuals were affected.
What Conduent Says
Conduent claims that the unauthorized access occurred between October 21, 2024, and January 13, 2025. The company states that it has secured its network and is working with forensic experts to analyze the stolen files.
“We immediately secured our networks and initiated an investigation with the assistance of third-party forensic experts,” Conduent wrote in a notification letter.
Currently, Conduent reports no evidence of misuse of the stolen data, but this does not eliminate the immediate danger to those affected.
Why This Matters
Large-scale breaches like this are becoming increasingly common. Recent settlements, such as the $177 million class action against AT&T, demonstrate how frequently organizations fail to protect private data. The stakes are high because Social Security numbers are a key component for identity theft, allowing criminals to open fraudulent accounts, file false tax returns, and commit other financial crimes.
Protecting Yourself
If you believe your information may have been exposed, take immediate action:
- Monitor your credit reports for suspicious activity.
- Place a fraud alert on your credit files.
- Consider a credit freeze to restrict access to your credit.
- Be vigilant against phishing scams or unusual communication from financial institutions.
The Conduent breach serves as a stark reminder that personal data remains vulnerable, and individuals must actively protect themselves in the face of growing cyber threats.
