Conduent, a company specializing in business services related to healthcare billing, is beginning to notify individuals impacted by a major data breach that has affected 10.5 million people, categorizing it as one of the largest breaches of its type. Notification letters issued by Conduent to state attorneys general indicate that some individuals had their names and Social Security numbers compromised by an unidentified third party.

As reported by The HIPAA Journal, this data breach ranks as the eighth-largest healthcare data breach ever documented.

In a notice sent to residents of Maine, Conduent mentions, “Currently, we have no proof or indication of actual or attempted misuse of your personal information.”

Conduent provides medical billing, Medicaid screening, toll collection, and a range of additional services to businesses and government entities globally, thus giving it access to extremely sensitive personal information.

Numerous states mandate that organizations inform residents when their data has been compromised. Recently, Conduent has begun dispatching notifications to various state attorney general offices and to the individuals affected, as stated by the company.

The Oregon Department of Justice Consumer Protection Division has indicated that the breach influenced 10,515,849 individuals. In October, Conduent notified the New Hampshire Attorney General that “the personal details of those affected included their name and Social Security number.”

It is still uncertain whether all 10.5 million individuals affected had their Social Security numbers compromised. Mashable reached out to Conduent for further details and will provide updates if a response is obtained.

The data breach was discovered by Conduent on January 13, 2025, with reports indicating that an “unauthorized third party” gained access to part of its system from October 21, 2024, to January 13, 2025.

“On January 13, 2025, we identified that we were subjected to a cyber incident that affected a limited segment of our network. We promptly secured our networks and started an investigation with the help of third-party forensic professionals. Our investigation revealed that an unauthorized third party had access to our environment from October 21, 2024, to January 13, 2025,” states the template of a notification letter dispatched to Maine residents.

The letter further mentions that “Conduent has been actively collaborating with a specialized review team, including both internal and external experts, to perform a comprehensive analysis of the impacted files to determine the personal information contained within.”

Recent years have seen large-scale data breaches affecting many private and public organizations. Two recent breaches at AT&T culminated in a $177 million class action settlement.

When cybercriminals access sensitive data, including names, birth dates, and Social Security numbers, victims face an increased risk of identity theft. If you suspect that your personal information has been compromised, you can take proactive measures to safeguard yourself from scammers and identity thieves.

Do you have a story to share regarding a scam or security breach that affected you? We’d like to hear from you. Please email [email protected] with the subject line “Safety Net” or use this form. Someone from Mashable will reach out.