Who is Conduent? If you asked that question this past week, you’re not alone. Hackers stole sensitive information on a sizable portion of U.S. residents from this major data processor, with the original estimate to be about 10.5 million back in October. But recent disclosures have shot the number of the affected to 25 million—which pushed Conduent back into the news.
The Texas Attorney General has called this debacle the largest data breach in U.S. history, but that claim is not true. (Examples of larger breaches include the 2017 Equifax breach, which affected about 148 million, and the 2024 Change Healthcare ransomware attack, which hit over 190 million people.)
What is true is the threat of identity theft and other fraud, given the types of data that flows through Conduent—and how this breach was handled.
Conduent handles back-end data processing for a variety of clients, both in the private and public sectors. That list includes U.S. government programs targeting hunger, child care, and medical care. In a recent press release, the company describes its government services as:
Clients also include major private groups like heath insurer Blue Cross, with services covering tasks like mailing and payment processing.
Attackers infiltrated Conduent and stole data from October 21, 2024 through January 13, 2025. Conduent began disclosures to state regulators as early as January 2025, but did not begin directly notifying those affected until October 2025.
In its state filings, Conduent reported that leaked data included:
Outside of the identity theft risks that come from your name, birthdate, address, and social security information floating around on the dark web, detailed information about your health insurance or medical information can make you a juicier target for personalized scams.
Additionally, with Conduent having delayed for a year issuing direct notifications to individuals, plus the risk not being known to the public, those affected may not immediately catch the signs of identity theft or scams. You might continue thinking you’re only at average risk.
If you received a paper notice in the mail from Conduent, it’s likely real. You can verify and ask follow-up questions by calling (855) 291-2605 or send a letter to:
Attn: Data Incident
100 Campus Drive, Suite 200
Florham Park, New Jersey 07932
Conduent is providing one year of credit monitoring to affected individuals, but in my opinion, that’s not enough to be protected.
Instead, I recommend the following steps—even if you’re not affected directly by the Conduent data breach. Realistically it’s only a matter of time before a different breach will hit you the same way.
You can read more details on each of these tasks in our guide on what to do if hackers stole your social security number. Usually each one takes about 15 to 20 minutes, possibly longer if you first need to create an account.
Also helpful: Set up alerts for your financial accounts (banking, credit cards, etc). You’ll immediately know if fraudulent activity pops up. Some banks also offer credit alerts that let you know when your credit score changes or a new account appears on your file.
A Conduent spokesperson sent the following statement along after this article was published on March 6:
A Conduent spokesperson also sent this follow-up statement a day later:
Author: Alaina Yee
Source: PCWorld
Reviewed By: Editorial Team
