Conduent, a major American business services company, has confirmed that a data breach discovered earlier this year has affected more than 10.5 million people.
The company disclosed the incident in notifications sent to several U.S. Attorney General offices.
Conduent is a business process outsourcing (BPO) firm that provides digital and administrative services for both government agencies and private companies. It was spun off from Xerox in 2017 and now employs around 56,000 people across 22 countries, with an annual revenue of about $3.4 billion.
The largest number of affected individuals comes from Oregon, where officials reported 10.5 million people impacted. Additional notifications from Texas list about 4 million affected residents, with 76,000 in Washington and several hundred in Maine. Since Conduent works with multiple state governments, the total number of victims is likely even higher.
According to the company’s notice, the exposed information includes names, Social Security numbers, dates of birth, health insurance policy or ID numbers, and medical data. As of October 24, 2025, Conduent said there’s no evidence that the stolen data has been used for fraud or other malicious activity.
The breach is linked to a cybersecurity incident that caused a service outage earlier in the year. Although Conduent did not name the attackers, the Safepay ransomware group claimed responsibility in February. In April, the company confirmed in a filing with the SEC that hackers had accessed files containing both customer and client data. Investigators later determined that the attackers had breached Conduent’s systems months earlier, on October 21, 2024.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
While Conduent has advised affected individuals to monitor their credit reports, place fraud alerts, and consider freezing their credit, the company has not offered free identity theft protection or credit monitoring at this time.
