WASHINGTON — More than 10 million individuals are currently receiving notifications from Conduent, a business services provider, alerting them to a data breach that occurred in January. This breach resulted in the theft of their personal data from the company’s servers.

Conduent is known for offering diverse services to both businesses and government agencies, including medical billing, automated fee collection, and Medicaid screening.

In January 2025, a disruption affected several state government agencies. It was only months later that Conduent informed the Securities and Exchange Commission about a cyberattack that compromised personal information stored in their systems.

The company revealed that the unauthorized access began on October 21, 2024, and it wasn’t until January 13, 2025, that the hackers were identified and expelled from the network.

Details from the Oregon state government show that more than 10.5 million people had their personal information stolen in the hack. 

According to HIPPAJournal.com, which provides information about medical services, the hack ranks eighth in the list of largest healthcare breaches in the world. 

Earlier this month, Conduent began notifying the people affected by the hack that their information had been obtained by malevolent actors. The company also sent notices to Attorneys General in several states informing them that they were preparing to send letters to thousands of people in their states. 

Over the nearly three months hackers were in the Conduent network, they were able to steal various files containing personal information from people who used the company’s services. Some of the information stolen included names, addresses, dates of birth, Social Security numbers, health insurance details and medical information. 

Conduent will not provide identity theft protection services to the millions of people affected by the hack. Instead, the letter they are providing to affected users encourages them to get a free credit report and put freezes on their credit. 

“Upon discovery of the incident, we safely restored our systems and operations and notified law enforcement,” the company wrote to affected users. “We are also notifying you in case you decide to take further steps to protect your information should you feel it appropriate to do so.”

Conduent said it was not aware of any of the data being used for fraud since the hack.