Products are selected by our editors, we may earn commission from links on this page.
A massive cybersecurity breach at Conduent, a major technology and services contractor for public programs and health insurers, has exposed the personal information of at least 26 million Americans, making it one of the largest data breaches ever recorded in the United States. Hackers infiltrated Conduent’s systems over a period of several months, gaining access to sensitive files that include names, Social Security numbers, health details and addresses tied to people across multiple states. The sheer scale of the incident has experts and state authorities warning the public to take identity protection measures seriously.
Investigators now believe that the breach began in late 2024 and continued into early 2025 before being detected and shut down, which allowed attackers to steal roughly 8 terabytes of data related to individuals served by state benefit programs and corporate clients. Reports show that states like Texas and Oregon were among the hardest hit, with millions of residents’ information potentially compromised, and the total affected continues to rise as notifications unfold.
While Conduent supports services for government and health insurance programs reaching more than 100 million people, the company has not fully disclosed the final tally of all affected individuals and is continuing notification efforts into 2026. Security analysts have labeled this incident one of the most serious in U.S. history, given the scope of personal data exposed and the prolonged period attackers had access to the systems before discovery.
What Data Was Exposed and Who Is at Risk
The compromised information reportedly includes Social Security numbers, names, home addresses, dates of birth, health insurance details and medical information tied to individuals whose data passed through Conduent’s processing systems for state programs and private health insurers. Having this type of data in the hands of unauthorized actors creates serious risks for identity theft, fraud and long-term misuse because these identifiers are often used for official verification and financial account access.
Unlike many data breaches that affect a single company’s customer database, this incident touches people who may not have interacted directly with Conduent, but whose information was part of records handled on behalf of state agencies or large insurance carriers. That means some individuals might discover their data was compromised only after receiving notification letters or seeing alerts from state officials or their employers.
Security experts note that sensitive personal data such as Social Security numbers and health information can remain valuable on underground markets for years, which makes quick action to protect accounts, monitor credit reports and secure personal identification numbers even more important for those impacted. The combination of health and identity details increases the complexity of potential fraud attempts that malicious actors could launch.
What Officials and Experts Are Urging You to Do
Officials in affected states, including Texas and Oregon, have advised residents to monitor their financial accounts, review credit reports regularly and consider placing fraud alerts or credit freezes with the major credit bureaus to prevent unauthorized activity linked to the compromised data. Freezing credit can help block new accounts from being opened in your name without verification.
Security specialists also recommend signing up for identity theft protection services, whether offered by Conduent as part of breach response efforts or through trusted third-party providers, to help flag unusual account activity and alert users quickly if their information is being misused. Additionally, updating passwords, enabling multifactor authentication and staying vigilant for phishing attempts can bolster personal defenses against exploitation.
Because notification processes are ongoing, individuals should watch for official letters, emails or alerts from state agencies, employers or Conduent itself that confirm exposure and provide tailored steps for accessing support services. Early awareness and proactive safeguards can reduce the risk of becoming a victim of identity theft or fraud in the months and years after a major breach.
How This Breach Could Change the Cybersecurity Landscape
This massive breach involving tens of millions of Americans underscores how deeply personal information flows through third-party contractors and how vulnerable those systems can become when targeted by sophisticated attackers. Companies and government agencies are being pressed to reevaluate cybersecurity practices and incident response strategies to prevent similar incidents in the future.
Experts say stronger data encryption, quicker breach detection mechanisms and greater transparency about vulnerabilities are essential for protecting the public’s personal information in an era where cyberattacks are increasingly frequent and costly. For individuals, the focus remains on vigilance, early detection of suspicious activity and using every available tool to safeguard identities.
As investigations continue and more specifics emerge, the fallout from the Conduent breach could have long-term implications for privacy law, breach reporting standards and how sensitive health and identity data is stored, shared and secured across both public and private sectors in the United States.