Conduent Hack Victim Count Soars to Over 62 Million, Becoming One of Largest Health Data Breaches
Back-office services provider Conduent Business Services has disclosed that its 2024 data breach now impacts over 62.2 million individuals, more than doubling the initial estimate and positioning it as one of the largest health data breaches on record.
Conduent Business Services, a major provider of back-office support for businesses and governments, has significantly revised its estimate of victims affected by a 2024 data breach. The company now reports that over 62.2 million individuals have had their personal and health information compromised, a dramatic increase from earlier estimates that placed the number at around 25 million.
This escalating victim count places the Conduent breach among the top three largest health data breaches ever reported to U.S. federal regulators. It now rivals the nearly 79 million individuals affected by a 2015 breach at health insurer Anthem Inc., which for years was considered the largest health data breach. The record was recently surpassed by the Change Healthcare incident, which impacted approximately 193 million people.
The company, which spun off from Xerox in 2017, first publicly disclosed the breach in April 2025, noting that its investigation traced unauthorized access to Conduent servers between October 21, 2024, and January 13, 2025. The compromised data potentially includes sensitive information such as names, addresses, dates of birth, Social Security numbers, and health insurance details.
Conduent has stated that its process of notifying affected individuals on behalf of its clients is now effectively complete and does not anticipate further significant increases in the victim count. The company also emphasized that there is currently no evidence that the stolen data has been misused or made publicly available, though it continues to monitor the situation closely.
The ransomware gang SafePay had previously listed Conduent as a victim in February 2025, threatening to release 8.5 terabytes of stolen data. The significant increase in the victim count highlights the complexities involved in accurately assessing the scope of breaches affecting large vendors that serve numerous clients.
Experts note that determining the precise number of affected individuals in such incidents can be challenging due to factors like potential duplicate counting and the distributed nature of data across multiple systems and clients. The healthcare sector, in particular, involves a complex ecosystem of payers, providers, and suppliers, making data tractability and control difficult.
In the wake of the breach, Conduent faces numerous civil class-action lawsuits and investigations from multiple state attorneys general and federal regulators. The company's revenue in 2025 was reported at $3 billion, underscoring its significant role in the global business services landscape.
The revised victim tally serves as a stark reminder of the pervasive risks associated with third-party data handling and the critical need for robust security measures to protect sensitive personal and health information in an increasingly interconnected digital environment.