Conduent ransomware breach confirmed to have exposed data of more than 62 million people
A late-2024 SafePay ransomware intrusion at outsourcing giant Conduent has been confirmed by U.S. regulators to have exposed the data of more than 62 million people, the third-largest healthcare breach on record.
- Victim
- Conduent Business Services
- records
- 62.2M
- users
- 62.2M
On 13 January 2025, Conduent Business Services โ the New Jersey-based business-process outsourcing giant spun off from Xerox in 2017 โ discovered that intruders had spent nearly three months inside its network. According to the company's disclosures, an unauthorised party maintained access from around 21 October 2024 until the activity was detected and cut off in mid-January 2025. The full scale of the theft only became clear in early July 2026, when the U.S. Department of Health and Human Services' Office for Civil Rights updated its breach portal to show that 62,224,658 individuals were affected โ a figure that ranks the incident behind only the 2024 Change Healthcare breach and the 2015 Anthem breach in the history of U.S. healthcare data compromises.
Conduent processes transactions, payments and administrative records on behalf of government agencies, health plans and large employers, which is why a single intrusion at the outsourcer cascaded into one of the largest health-data breaches ever recorded. The exposed information reportedly includes names, Social Security numbers, dates of birth, medical records, and health-insurance details belonging to the customers and members of Conduent's downstream clients. The SafePay ransomware group claimed responsibility, adding Conduent to its data-leak site in January 2025 and asserting that it had exfiltrated roughly 8.5 terabytes of data.
A count that kept climbing
The victim tally grew dramatically over eighteen months of investigation and notification. When the breach was first reported in the autumn of 2025, Conduent estimated that around 10.5 million people were affected. By February 2026 that figure had been revised to roughly 25 million, and the final count posted to the federal breach portal in July 2026 more than doubled it again to over 62.2 million. The escalation reflects the difficulty of identifying every downstream individual whose data a business associate holds on behalf of numerous client organisations.
Why it matters
Because Conduent is a business associate handling protected health information for many clients, the breach is recorded under U.S. health-privacy rules even though Conduent is itself a technology and outsourcing company rather than a hospital or insurer. Conduent has offered affected individuals complimentary credit monitoring and faces multiple class-action lawsuits. The exposure of Social Security numbers, dates of birth and medical information for tens of millions of people creates a durable, long-tail risk of identity theft and medical fraud that will outlast the operational recovery from the ransomware attack itself.
Timeline
Intruders later linked to the SafePay ransomware group begin accessing Conduent's network.
Conduent detects the intrusion and cuts off the unauthorised access after nearly three months.
SafePay adds Conduent to its data-leak site, claiming to have stolen roughly 8.5 terabytes of data.
Regulatory filings revise the number of affected individuals upward to about 25 million.
The HHS Office for Civil Rights breach portal is updated to 62,224,658 individuals, ranking the incident as the third-largest U.S. healthcare data breach on record.
Sources
- bankinfosecurity.comhttps://www.bankinfosecurity.com/conduent-hack-victim-count-now-tops-622-million-a-31900
- hipaajournal.comhttps://www.hipaajournal.com/conduent-business-solutions-data-breach/
- paubox.comhttps://www.paubox.com/blog/conduent-breach-hits-62m-ranking-third-largest-in-us-healthcare-history
- malwarebytes.comhttps://www.malwarebytes.com/blog/news/2026/02/the-conduent-breach-from-10-million-to-25-million-and-counting