Conduent data breach could be largest in U.S. history

AUGUSTA, Ga. (WRDW/WAGT) – The Texas Attorney General is calling it the largest data breach in U.S. history, and letters are already going out to those affected.

That includes people right here in the CSRA.

The breach involves Conduent Business Services, a company that provides third-party printing, mailroom services and back-office support services.

Many people may not recognize the company name, but it works with major corporations including Blue Cross Blue Shield of Texas, where millions of customers were affected.

According to the Oregon Department of Justice, which keeps a running count of those affected on its website, the number has already surpassed 10 million people

Breach timeline and scope

The company discovered it was the victim of a cyber attack on January 13, 2025. The investigation determined that hackers had access to sensitive data from October 21, 2024, to January 13, 2025 — just under three months.

Reports show the breach has affected people in Georgia, South Carolina, New Jersey, New Hampshire, Maine, Massachusetts and New Mexico.

Experts fear the list is growing.

What information was compromised

The breach exposed different types of information depending on the affected individual. Some people had their addresses and Social Security numbers accessed, while other customers are being told the breach exposed medical data and health insurance information.

The notification letters do not specify which company hired Conduent’s services, making it difficult for affected individuals to know the original source of their compromised data.

Free credit monitoring offered

Those affected can receive free credit monitoring for one year through the breach notification. People who receive letters must sign up by April 30, 2026, to access the monitoring services.

The letters include a phone number for questions: 877-332-1658, available Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.

What to do if you receive a letter

Officials stress that people should not throw away these notification letters, as this is a legitimate data breach and not a scam. Those who want the free credit monitoring must follow the information provided in their specific letter to sign up before the April 30 deadline.

How to protect yourself

Security experts recommend several steps to protect against identity theft following a data breach:

• Consider freezing your credit with all three major credit bureaus: Equifax, Experian and TransUnion. Credit freezes are free and prevent new accounts from being opened in your name.
• Monitor your credit reports regularly for suspicious activity or accounts you did not open.
• Review bank and credit card statements carefully for unauthorized transactions.
• Be alert for phishing emails or calls claiming to be related to the breach.
• Consider placing fraud alerts on your credit files, which require creditors to verify your identity before opening new accounts.

Copyright 2026 WRDW/WAGT. All rights reserved.