Accounts Impacted: At least 25 million Americans
Breach Occurrence Date: October 2024 to January 2025
Added to Breach Breakdown: March 2026
The Conduent Data Breach: What Happened
The Conduent data breach is now considered by the Texas Attorney General to be likely the largest data breach in US history. Conduent is a major US government technology contractor that processes medical billing, government benefit payments, toll transactions, and prepaid cards for state agencies and large employers across the country. Most of the 25 million Americans affected had never heard of Conduent and never directly chose to share their data with them.
The Conduent data breach began in October 2024, when the SafePay ransomware group gained unauthorized access to Conduent’s systems. The attackers remained inside the network for nearly three months, until Conduent detected and mitigated the intrusion in January 2025. During that time, SafePay stole more than eight terabytes of sensitive personal data and threatened to release it publicly if their ransom demands went unmet.
What makes the Conduent data breach especially alarming is the timeline. The breach happened in late 2024, yet most victims were not notified until October 2025 at the earliest, with notifications continuing through April 2026. That means millions of Americans had their most sensitive data circulating among criminals for over a year before anyone told them. Multiple class action lawsuits have since been filed in federal court, and state attorneys general including Texas are actively investigating why notification took so long.
What Data Was Exposed in the Conduent Data Breach
The Conduent data breach exposed some of the most sensitive personal data possible. Because Conduent processes benefits and HR records on behalf of government agencies and large employers, the data goes far beyond simple contact details. According to notification letters and state regulatory filings, the exposed information includes:
- Full legal names
- Home addresses
- Social Security numbers (SSNs)
- Dates of birth
- Medical information and health records
- Health insurance details and claims data
- Government benefit program data
- Employee HR and payroll-related information
The exact data exposed varies depending on the individual and which Conduent client handled their records. Notably, the Conduent data breach also affected employees, with nearly 17,000 Volvo Group North America employees confirmed among those impacted.
Why the Conduent Data Breach Is So Dangerous
The Conduent data breach is not a typical breach. The combination of Social Security numbers, medical records, and government benefit data is among the most dangerous data that can be stolen. Specifically, this exposure creates severe and long-lasting risks including:
- Identity theft and credit fraud using your SSN to open new accounts, take out loans, or file fraudulent tax returns in your name.
- Medical identity theft where criminals use your health insurance data to fraudulently claim medical services, leaving you with unexpected bills and damaged records.
- Government benefits fraud using your benefit program data to redirect payments or make false claims under your identity.
- Targeted phishing and scam emails crafted using your personal details to appear legitimate and steal even more information.
- Permanent exposure risk. Unlike a password or credit card, a Social Security number cannot be changed. The consequences of the Conduent data breach could follow victims for decades.
Furthermore, because victims were not notified for up to a year after the Conduent data breach occurred, criminals had a significant head start. As a result, if your data was in this breach, fraudulent activity using your information may already be underway.
What You Should Do Now If You Were Affected by the Conduent Data Breach
You may be affected by the Conduent data breach if you have ever received Medicaid, SNAP benefits, or other state-administered healthcare, or if you worked for an organization that uses Conduent for HR or benefits processing. If you receive a notification letter from Conduent, act immediately. Even if you have not received one, take these steps now:
- Place a credit freeze with all three major credit bureaus (Equifax, Experian, and TransUnion) immediately. A credit freeze is free and stops criminals from opening new accounts in your name.
- Enroll in the free credit monitoring offered by Conduent if you received a notification letter. The enrollment deadline is April 30, 2026.
- Monitor your health insurance statements for any services or claims you did not authorize. Medical identity theft can be difficult to detect without regular review.
- File your taxes early to prevent criminals from filing a fraudulent return using your Social Security number before you do.
- Watch for phishing emails and calls that use your personal details to appear credible. Do not click links or provide any information to unsolicited contacts.
- Switch to a secure, opt-in email service like OptMsg to ensure that phishing emails from criminals exploiting the Conduent data breach never reach your inbox.
How OptMsg Helps After the Conduent Data Breach
The Conduent data breach exposed your Social Security number, medical records, and home address to criminals who had them for months before you were told. While you cannot undo that, you can stop them from reaching you in your inbox. Here is how OptMsg helps:
- You decide who can email you. OptMsg’s patent-pending opt-in router technology means only people you approve can reach your inbox. Therefore, even if criminals have your email address from the Conduent data breach, they cannot send you phishing emails or scam attempts.
- No password to steal. OptMsg does not rely on a password to protect your account. When breaches expose credentials, attackers have nothing to exploit here.
- We don’t collect your personal data to sell to advertisers. Unlike “free” inboxes that profit from your information, OptMsg charges a small fee instead of treating you as the product.
- OptMsg does not scan your emails to sell ads. In short, your inbox belongs to you, not to advertisers or AI training systems.
Why the Conduent Data Breach Matters to Every American
The Conduent data breach is unlike most of the breaches we cover. In most incidents, people knowingly gave a company their data. In this case, 25 million Americans had no idea Conduent even had their information. They signed up for Medicaid through their state. They received SNAP benefits. They worked for a company that outsourced its HR systems. Conduent was invisible to them, until this breach made it impossible to ignore.
Moreover, the delayed notification makes the Conduent data breach even more damaging. State breach notification laws typically require disclosure within 30 to 60 days. Conduent took up to a year. That gap gave criminals a massive head start and left victims unable to take protective action when it would have mattered most.
The Conduent data breach is a clear warning that your personal data is not just at risk from the companies you choose to work with. It is at risk from every contractor, subcontractor, and third-party processor those companies use. You cannot control all of them. However, you can control your inbox. OptMsg ensures that no matter whose systems get breached, criminals cannot use your email address to reach you.
Your Inbox. Your Rules.
Take control of your inbox today. Download OptMsg on iOS, Android, or use it on the web.
Helpful Links
- Fox Business: Data Breach Exposes Personal Data of 25 Million Americans
- Malwarebytes: The Conduent Breach, From 10 Million to 25 Million and Counting
- OptMsg Security Solutions
Stay informed. Stay secure. OptMsg actively protects your email from data breaches and cyber threats. Our Breach Breakdown blog alerts you when companies expose personal information, so you can respond before criminals take advantage of it.
