Conduent Data Hack: Social Security Numbers of Over 10 Million Americans Exposed in Massive Breach

A major cybersecurity breach at government contractor Conduent Business Services LLC has exposed the sensitive personal information of more than 10.5 million Americans, according to multiple reports.

The breach, which affected data processed on behalf of government agencies and private health insurers, is now one of the most significant data compromises in recent U.S. history.

The unauthorized access was discovered by Conduent in January 2025, although the breach reportedly began months earlier. Conduent provides administrative and technology services — including benefits processing and claims administration — to a wide range of public-sector and healthcare clients.

According to Rolling Out, the breach exposed personal identifiers, including names, Social Security numbers, dates of birth, and in some cases health insurance and medical claims information for millions of people. The breach affected individuals whose information Conduent processed for various government programs and private insurers.

Therecord.media reported that the total number of affected individuals exceeds 10 million, with notices sent to impacted residents across multiple states, including Massachusetts, beginning in late 2025. Many recipients were notified that their information was present in the compromised data sets.

Conduent has stated that it engaged third-party cybersecurity experts following discovery of the breach to investigate and contain the incident. The company also notified law enforcement and relevant regulators, and began issuing notification letters to affected individuals in accordance with state and federal requirements.

As reported by Fox News, Conduent indicated there is currently no evidence the stolen information has been publicly posted or widely misused, but the company acknowledged the significant risks posed by exposure of highly sensitive personal data.

The breach has had major financial consequences for Conduent. According to HIPAA Journal, the company expects breach-related costs to reach tens of millions of dollars, including expenses from forensic investigations, notification efforts, and remediation activities.

Additionally, CPO Magazine reported that the incident has sparked nearly a dozen class action lawsuits alleging Conduent failed to adequately protect personal data and notify individuals in a timely fashion. Plaintiffs in these lawsuits argue that the company’s security practices were insufficient and that the breach has exposed affected individuals to increased risks of identity theft and fraud.

Cybersecurity experts and consumer advocates warn that the exposure of Social Security numbers, birth dates, and related personal information significantly increases the risk of identity theft, financial fraud, and fraudulent medical claims. Affected individuals are being encouraged to monitor their credit reports closely, consider placing fraud alerts or credit freezes with major credit bureaus, and be vigilant for suspicious activity in financial and medical accounts.

The Conduent breach highlights ongoing concerns about the cybersecurity practices of third-party vendors that handle sensitive government and healthcare data. Industry observers say the incident underscores the need for stronger protections, increased oversight, and tighter data security requirements for service providers entrusted with large volumes of personal information.

As investigations and litigation continue, federal and state regulators are expected to take a closer look at vendor risk management practices and potential reforms to better safeguard consumer data in the future.