Conduent Business Services has reported a significant data breach affecting more than 10.5 million customers, including over 4 million in Texas. This breach marks one of the largest in U.S. history, with implications for many of the individuals whose personal data has been compromised.
Based in New Jersey, Conduent is a business process outsourcing company that serves nearly half of the Fortune 100 companies, alongside various government and transportation agencies. The company, which spun off from Xerox in January 2017, is involved in sectors that handle extensive personal and health-related data.
The breach occurred between October 21, 2024, and January 13, 2025, when an unauthorized third party, reportedly the ransomware group SafePay, accessed approximately 8.5 terabytes of sensitive data. According to Claim Depot, the information compromised included names, Social Security numbers, medical records, and health insurance details. Conduent informed the Securities and Exchange Commission (SEC) about the breach in April but did not alert its customers until October 8, 2025.
Recent reports from the Texas Attorney General’s office revealed that 4,001,844 Texans are among those affected. The incident is noted as the eighth largest data breach in U.S. history by the HIPAA Journal.
In response to the breach, Conduent has stated that they are taking the situation seriously. The company has committed to notifying individuals whose personal information may have been exposed and has set up a dedicated call center for inquiries. Conduent claims there is currently no evidence of misuse of the data involved and emphasizes their quick actions, which included securing networks, restoring operations, and collaborating with forensic experts for a thorough investigation.
Legal implications are also unfolding, with several class-action lawsuits filed against Conduent in New Jersey federal court. These lawsuits allege negligence in protecting customer data and failure to provide timely notifications. Montana state regulators are also investigating the breach, particularly regarding its impact on Blue Cross Blue Shield of Montana members.
For individuals who believe their data may have been compromised, it is essential to stay vigilant. If notified of the breach, affected individuals may receive solicitation from law firms to join class-action lawsuits, providing potential avenues for compensation. It is advisable to document any adverse effects such as identity theft or fraud resulting from the breach.
As the situation develops, Conduent’s case underscores the importance of robust data protection measures and timely communication with customers, especially when handling sensitive information. The commitment to transparency and addressing the concerns of those affected will be vital as the company navigates the aftermath of this breach.