In an ongoing effort to address the situation, Conduent, a prominent business services provider, has begun notifying those affected by the January data breach. This breach resulted in the unauthorized access and theft of sensitive information from Conduent’s servers, affecting a significant number of clients and partners.

Conduent is known for delivering a range of critical services to businesses and government entities, including medical billing, automatic fee collection, and Medicaid screening. The breach has raised concerns about the security of these essential operations.

The incident first came to light with a service disruption in January 2025, impacting government agencies across multiple states. It wasn’t until months later that Conduent disclosed to the Securities and Exchange Commission the full extent of the hack, revealing that hackers had infiltrated their systems.

The breach timeline indicates that the cybercriminals gained access to Conduent’s network on October 21, 2024. However, it took until January 13, 2025, for the breach to be detected and the hackers to be expelled from the network.

The Oregon state government has reported that over 10.5 million individuals had their personal information compromised as a result of this breach, highlighting the magnitude of the attack and the significant impact on those affected.

According to HIPPAJournal.com, which provides information about medical services, the hack ranks eighth in the list of largest healthcare breaches in the world. 

Earlier this month, Conduent began notifying the people affected by the hack that their information had been obtained by malevolent actors. The company also sent notices to Attorneys General in several states informing them that they were preparing to send letters to thousands of people in their states. 

Over the nearly three months hackers were in the Conduent network, they were able to steal various files containing personal information from people who used the company’s services. Some of the information stolen included names, addresses, dates of birth, Social Security numbers, health insurance details and medical information. 

Conduent will not provide identity theft protection services to the millions of people affected by the hack. Instead, the letter they are providing to affected users encourages them to get a free credit report and put freezes on their credit. 

“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement,” the company wrote to affected users. “We are also notifying you in case you decide to take further steps to protect your information should you feel it appropriate to do so.”

Conduent said it was not aware of any of the data being used for fraud since the hack.