Data Breach Notification,
Data Security,
Healthcare
State Officials Investigate Breach of Back-Office Services Provider Uncovered in 2025
The Conduent Business Services data breach, initially reported in 2024, has escalated significantly, with recent disclosures indicating that over 25 million individuals have been impacted across the United States. The organization, a spinoff of Xerox based in Florham Park, New Jersey, informed Wisconsin regulators of the updated figure, which includes a prior estimate of approximately 15.5 million Texans, among them four million members of Blue Cross Blue Shield of Texas.
Texas Attorney General Ken Paxton has since announced an investigation into what he suggested could be “the largest breach in U.S. history,” underscoring the gravity and scope of this incident. However, it is essential to note that, despite the alarming numbers reported, this breach is still not the largest in U.S. cybersecurity history. That dubious title remains with Change Healthcare, a division of UnitedHealth Group, linked to a 2024 ransomware attack affecting 193 million individuals.
This incident has garnered attention beyond Texas, with the Montana Attorney General’s office also launching an inquiry, seeking to understand the ramifications for approximately 462,000 members of Blue Cross Blue Shield of Montana.
Among the healthcare insurers affected by the breach, Premera Blue Cross and Humana are notable clients of Conduent. Moreover, Volvo disclosed that the personal and health plan information of around 17,000 employees were also compromised due to the breach.
The incident points to increasingly prevalent threats in the cybersecurity landscape. Darkweb monitoring platform Ransomware.live indicated that the ransomware group SafePay had targeted Conduent, threatening to release 8.5 terabytes of stolen data that could include sensitive information such as names, social security numbers, and medical details.
Conduent publicly acknowledged the breach in April 2025 through a filing with the U.S. Securities and Exchange Commission, disclosing that their infrastructure was compromised between October 21, 2024, and January 13, 2025, when the breach was first detected.
From a cybersecurity perspective, this incident illustrates the potential application of various MITRE ATT&CK tactics, such as initial access through vulnerabilities in Conduent’s systems, persistence in maintaining unauthorized access, and techniques for privilege escalation. The broad impact on individuals’ personal and health information further emphasizes the need for vigilant risk management strategies in the healthcare sector and beyond.
Conduent has refrained from providing additional commentary or details regarding the increased victim count, but the ongoing investigations are likely to reveal more as they progress.