Conduent, a major government payments and services contractor, confirmed that a cyberattack disrupted operations across multiple U.S. states after the company detected unauthorized activity in January 2025. Reporting at the time said the outage affected government technology and payment services, while later disclosures stated an unauthorized third party had access to part of Conduent’s network from October 21, 2024, through January 13, 2025. A subsequent SEC filing indicated the company was continuing to assess the incident and its downstream impact on customers and individuals.
By early 2026, the scope had widened dramatically: media reports and a Missouri Department of Commerce and Insurance bulletin said files exposed in the breach contained names, addresses, Social Security numbers, and medical records, with 25 million or more Americans potentially affected. Missouri regulators said Conduent had not provided enough information to determine the impact on insurance consumers and asked insurers and other regulated entities that used Conduent during the exposure window to report their involvement, raising the prospect that the incident could rank among the largest U.S. data breaches on record.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
10 events from the most recent confirmed update back to the earliest known activity.
On May 5, 2026, the Missouri Department of Commerce and Insurance issued Insurance Bulletin 26-08 as an addendum concerning the Conduent breach. The bulletin summarized the intrusion timeline, cited media estimates of 25 million or more affected Americans, and reminded regulated entities of breach-reporting obligations.
The Missouri Department of Commerce and Insurance said it had been in direct contact with Conduent since March 17, 2026, but had not received enough information to assess the breach's impact on insurance consumers. The department later asked insurers and regulated entities that used Conduent during the breach period to provide details.
Fox Business reported that the Conduent cybersecurity incident affected 25 million Americans, reinforcing the scale of the breach described in earlier reporting. The report framed the incident as one of the largest known U.S. data breaches.
By early February 2026, reporting indicated the Conduent breach may have exposed data belonging to 25 million or more Americans, suggesting the incident was far larger than initially understood. The exposed information was reported to include sensitive personal and medical data.
In a September 30, 2025 SEC filing, Conduent provided formal disclosure about the cybersecurity incident and its effects. The filing documented the breach as a material corporate event for investors and regulators.
Conduent confirmed that it had suffered a cyberattack impacting services in multiple U.S. states, including government payment-related operations. This marked the company's public acknowledgment that the outage was tied to a cybersecurity incident.
As a prolonged outage affected Conduent services, the company said it would not rule out a cyberattack as the cause. The disruption drew attention because Conduent provides technology services tied to government operations.
Conduent discovered on January 13, 2025, that an unauthorized third party had accessed part of its network. The access period was later described as lasting from October 21, 2024, through January 13, 2025.
Conduent's investigation found that threat actors obtained files connected to services it provides to Humana, Inc. The exposed data reportedly included names, Social Security numbers, medical data, and health insurance information.
An unauthorized third party began accessing part of Conduent's network on October 21, 2024. Files in the affected environment reportedly contained personal data including names, addresses, Social Security numbers, and medical records.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
foxbusiness.com
Open sourcetechradar.com
Open sourcesec.gov
Open sourcecybersecuritydive.com
Open sourcetechcrunch.com
Open sourcecyber.nj.gov
Open sourceinsurance.mo.gov
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.