Conduent cyberattack: 10.5 million hit in 8th largest healthcare data breach in US—what affected people can do
American business services vendor Conduent is under scrutiny following confirmation of a massive data breach that affected over 10.5 million people across multiple US states.
While the data breach was detected in January this year, Conduent said that hackers had access to their systems from 21 October 2024 up until 13 January 2025, when the intrusion was detected.
Exposed data included names, Social Security numbers, dates of birth, as well as medical information and health insurance details, and the scale of the cyberattack makes it the 8th largest healthcare breach in US history, reported Red94.
Since then, Conduent has incurred approximately $25 million in direct response costs, having made cash disbursements of $9 million through September 2025, and with $16 million in cash disbursements to be sent out by the first quarter of 2026.
Also Read | AT&T customer? Claim data breach settlement up to $7,500 by deadline—here’s how
Residents of which states have been affected?
As per the Texas Attorney General’s office, more than 4 million Texas were impacted by the breach.
Further, another 1 million of Conduent’s customers were affected by the Breach in Oregon, as well as 200,000 in Montana, in addition to others.
Further details weren’t immediately available.
Mounting costs for the company
Following the company’s disclosure of the data breach, multiple class action lawsuits have been filed against the firm, with patients and privacy advocates arguing that Conduent failed to implement adequate security measures in spite of having a trove of sensitive healthcare information.
Given the number of, analysts suggest that the final cost for the company could exceed $50 million, accounting for litigation, settlements, and ongoing remediation efforts.
With the company sending notices to millions of affected customers informing them of the breach, Red94 reported that the notification process alone represented a significant financial and operation burden for the business services provider.
Also Read | Apple, Google warn users in over 150 countries of targeted cyber attacks
In addition to contacting millions of affected customers, Conduent is also providing credit monitoring services for three years through Kroll.
All things considered, the company has warned of a further financial fallout.
“It is possible that future risks and uncertainties resulting from the January 2025 Cyber Event, including those related to impacted data, litigation, reputational harm, and regulatory actions, could adversely affect the Company’s financial condition or results of operations,” Conduent had stated in October.
Also Read | If you are building a smart home, you need to know about smart home hacking, too
What can affected customers do?
Individuals affected by the massive data breach are advised to take up the complimentary credit monitoring services that Conduent is offering through Kroll and monitor credit reports regularly for signs of any suspicious activity.
Affected customers should also consider placing a fraud alert or credit freeze with the three major credit bureaus in the US—Equifax, Experian, and TransUnion—to prevent unauthorized opening of accounts.
Further, if you believe that your identity has been compromised, it is advised to file a report with the Federal Trade Commission at IdentityTheft.gov.
