Conduent Data Breach Affects 10.5 Million People Exposing Protected Information

On Jan. 13, 2025, Conduent, an information technology and business services provider, discovered a data breach. An investigation determined that a cybercriminal accessed Conduent’s systems between Oct. 21, 2024, and Jan. 13, 2025 and obtained files containing sensitive information. The cyberattack compromised 10,515,849 individuals across the United States, including 4,001,844 residents in Texas, 42,062 in Maine, 76,285 in Washington, 44,010 in New Hampshire, 643 in Iowa, 374 in Maine and 33 in Montana.

The threat actor, known as SAFEPAY, deployed ransomware and claimed responsibility for stealing approximately 8.5 terabytes of data. The group threatened to publish the stolen data within days, advertising the breach on a Tor-based leak site.

The compromised data included both personally identifiable information (PII) and protected health information (PHI). Exposed information included names, Social Security numbers, medical information and health insurance information. The scope and sensitivity of the information exfiltrated make this a severe breach, given the high risk of possible identity theft and fraud.

The hacked files originated from Conduent’s work as a third-party service provider for various clients, which means the breach could impact individuals whose data was processed on behalf of multiple organizations. A disclosure identified Humana as one of the healthcare organizations affected by the cyberattack.

The cybersecurity incident was first disclosed to the Securities and Exchange Commission on April 9, 2025, as detailed in Conduent’s SEC Form 8-K filing.

The data breach was also reported to the California Attorney General’s office and Montana Attorney General on Oct. 8, 2025, and the Texas Attorney General’s office on Oct. 9, 2025. The cybersecurity incident was subsequently disclosed to the Maine, Massachusetts, Oregon, Iowa and Washington Attorney Generals offices between Oct. 24, 2025 and Oct. 27, 2025. The breach was later disclosed to the Attorney Generals' in New Hampshire and Vermont.

Conduent's response

After discovering the incident, Conduent restored affected systems and notified law enforcement. The company began notifying affected individuals by mail on Oct. 8, 2025 and established a dedicated assistance line for questions at 855-291-2608, Monday‒Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time.

If you receive a notice, or believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Conduent or a company that does business with Conduent.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

More information about the technology services provider can be found on the Conduent website.