Conduent confirms one of the largest healthcare data breaches in U.S. history, affecting over 10.5 million people and exposing sensitive medical information. An unauthorized third party accessed the business process outsourcing giant’s network from October 21, 2024, until detection in January 2025, making this the eighth-largest healthcare breach ever recorded. Affected individuals are receiving notification letters detailing what happened and what steps they should take to protect themselves.
🔥 Quick Facts
- 10.5 million individuals affected across healthcare and government sectors nationwide
- Breach access period: October 21, 2024 to January 13, 2025 (nearly three months)
- Exposed data includes names, Social Security numbers, dates of birth, medical records, and insurance information
- Conduent anticipates $25 million in breach-related costs by Q1 2026, with cyber insurance covering portion
What Conduent Does: Business Services Giant in Crisis
Intuit emerges as best software stock for 2026 while stock crashes to bargain levels analysts didn’t expect
2026 tax brackets shock Americans with hidden paycheck truth nobody expected
Conduent Inc. is an American business process outsourcing (BPO) company headquartered in Florham Park, New Jersey, formed in 2017 as a divestiture from Xerox. The company provides technology-driven services including transaction processing, document management, printing, mailing, and back-office support across healthcare, government, and commercial sectors.
Major clients affected include Blue Cross Blue Shield of Montana (462,000 people), Blue Cross Blue Shield of Texas (310,000 UT Select and UT Care members), Humana customers, and Premera Blue Cross members. Government agencies impacted include the Wisconsin Department of Children and Families and Oklahoma Human Services, with more than 4 million affected individuals in Texas alone.
Timeline of the Breach: From Initial Compromise to Public Notification
Marcus Lemonis takes CEO role at Bed Bath & Beyond with $25M cost-cutting plan and watch what industry experts are saying about his next move
SPX surges 34 points at open with shocking tech recovery, here’s what caused the unexpected Venezuela rally
The breach followed a disturbing timeline that prosecutors and lawyers say demonstrates negligence. Initial intrusion occurred on October 21, 2024, when an unauthorized threat actor first gained access to Conduent’s network systems. The company failed to detect the compromise for nearly three months.
On January 13, 2025, Conduent finally discovered the breach during a forensic investigation. The company immediately secured its network and worked with third-party cybersecurity experts to investigate the scope. By April 2025, Conduent filed an SEC disclosure confirming a significant data theft affecting millions of individuals. However, individual notifications did not begin until October 2025—nine months after the initial intrusion.
Exposed Data and Security Breach Details
| Breach Specification | Details |
| Total Affected | 10.5 million individuals |
| Initial Access Date | October 21, 2024 |
| Detection Date | January 13, 2025 |
| Data Types Exposed | Names, SSNs, dates of birth, treatment info, insurance claims |
| Notification Start | October 2025 (postal mail) |
| Anticip. Costs (Q1 2026) | $25 million total |
Class Action Lawsuits Mount Against Conduent Over Failure to Secure Data
By November 2025, at least 10 federal class action lawsuits had been filed in the U.S. District Court for the District of New Jersey against Conduent Business Services LLC. Plaintiffs claimed the company negligently failed to implement adequate cybersecurity safeguards and delayed critical breach notifications to affected individuals.
Class action lawsuits allege negligence, breach of third-party beneficiary contract, and unjust enrichment. Plaintiffs seek compensatory and statutory damages, as well as injunctive relief requiring Conduent to upgrade security protocols and monitoring to prevent future breaches. Represented law firms include Lite DePalma Greenberg & Afanador LLC, Milberg PLLC, Morgan & Morgan PA, The Dann Law Firm, and multiple other national firms specializing in data breach litigation.
“Conduent is facing a growing wave of federal class action lawsuits after a massive data breach exposed the personal and health information of more than 10.5 million insurance customers—an incident that court filings say ranks as the eighth-largest healthcare data breach ever recorded.”
— Top Class Actions, Legal News Source
Why This Breach Matters: Long Delay and Regulatory Scrutiny Ahead
The ten-month delay between breach detection and victim notification prompted fierce criticism from lawyers and regulators. Questions linger about whether Conduent’s cybersecurity met industry standards and HIPAA requirements. The company will face investigations from the HHS Office for Civil Rights, state attorneys general, and potentially state regulators seeking to determine if violations occurred.
Financial implications extend beyond the anticipated $25 million in costs. Regulatory fines, litigation settlements, and reputational damage could substantially impact Conduent’s financial position. The company holds cyber insurance coverage that will provide partial protection, but the breadth of the breach means additional costs from lawsuits and settlements remain uncertain. Business clients may also reassess their data security arrangements with Conduent moving forward.
Sources
- HIPAA Journal – Conduent Anticipates $25M Data Breach Cost by Q1, 2026
- Top Class Actions – 10.5M Records Exposed: Conduent Class Action Litigation
- Mashable – Conduent Data Breach Affected 10.5 Million, Included SSNs
Patrick Graham is a business and finance journalist translating Wall Street’s complexities into stories that matter to everyday readers. With extensive experience in financial journalism and economic analysis, this expert journalist provides sharp insights on market trends, corporate developments, and the economic forces affecting daily life. His reporting helps readers make sense of the business world’s biggest moves.