US enterprise services provider Conduent is under scrutiny after a massive data breach affecting more than 10.5 million people in multiple US states was confirmed.
While the data breach was discovered in January of this year, Conduent said hackers had access to their systems from October 21, 2024 until January 13, 2025, when the breach was discovered.
The exposed data included names, social security numbers, dates of birth, as well as medical information and health insurance details, and the scope of the cyberattack makes it the 8th largest healthcare breach in US history, Red94 reported.
Since then, Conduent has incurred approximately $25 million in direct response costs as it has made $9 million in cash payouts through September 2025 and $16 million in cash is due through the first quarter of 2026.
Read also | An AT&T customer? File a data breach settlement claim up to $7,500 by the deadline – here’s how
Residents of which states were affected?
According to the Texas Attorney General, more than 4 million Texans were affected by the breach.
Additionally, another 1 million Conduent customers were affected by the breach in Oregon, as were 200,000 in Montana, among others.
Further details were not immediately available.
Installation costs for the company
After the company disclosed the data breach, several class-action lawsuits were filed against the company, with patients and privacy advocates alleging that Conduent failed to implement adequate security measures despite having a wealth of sensitive healthcare information.
Given the number, analysts suggest the ultimate cost to the company could exceed $50 million, which includes litigation, settlements and ongoing remediation efforts.
Red94 sent notifications to millions of affected customers informing them of the breach, and said the notification process itself placed a significant financial and operational burden on business service providers.
Read also | Apple and Google are warning users in more than 150 countries about targeted cyber attacks
In addition to contacting the millions of affected customers, Conduent also provides credit monitoring services for three years through Kroll.
After considering all the circumstances, the company warned of further financial impact.
“It is possible that future risks and uncertainties arising from the January 2025 cyber event, including those related to affected data, litigation, reputational damage and regulatory actions, could adversely affect the company’s financial condition or results of operations,” Conduent said in October.
Read also | If you are building a smart home, you also need to know about smart home hacking
What can disabled customers do?
Individuals affected by the massive data breach are encouraged to take advantage of the free credit monitoring services offered by Conduent through Kroll and regularly monitor their credit reports for signs of any suspicious activity.
Affected customers should also consider submitting a fraud alert or credit freeze to the three major U.S. credit bureaus — Equifax, Experian and TransUnion — to prevent unauthorized account opening.
Additionally, if you believe your identity has been compromised, we recommend filing a report with the Federal Trade Commission at IdentityTheft.gov.
