The American business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to official notifications filed with US Attorney General offices.
Scope of the Breach
Conduent, a business process outsourcing (BPO) company spun off from Xerox, provides digital platforms and services for governments and enterprises. The company began sending data breach notifications to affected individuals this month.
The largest reported number came from the Oregon government, which stated that 10.5 million people were affected. Further notifications shared on the Texas Attorney General's site report 4 million people, 76,000 in Washington, and several hundred in Maine.
Given that Conduent provides services to many other states where specific data breach figures have not yet been published, the actual national impact could be substantially larger. The data breach notifications confirm that people's name, Social Security Numbers, full date of birth, health insurance policy or ID number, or medical information were exposed in the incident.
Conduent's notification claims that as of October 24, 2025, when the notice was circulated, there is no evidence that the stolen data has been misused.
Timeline and Recommendations
This massive data exposure is linked to a cybersecurity incident that caused a service outage at Conduent at the start of 2025. Although the threat actor was not immediately named, the Safepay ransomware gang later claimed responsibility in late February.
In April, the firm disclosed in an SEC filing that threat actors had successfully stolen files from its systems containing customer information, as well as data belonging to their customers' clients.
An investigation into the scope of the attack has now determined the extensive impact on millions of people. Furthermore, although the breach was discovered in January 2025, the affected environment had been compromised much earlier, on October 21, 2024.
Notification recipients are strongly recommended to obtain credit reports and consider placing fraud alerts and a security freeze on their accounts, although Conduent did not offer identity theft protection or credit monitoring services in this case.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
