Florham Park, NJ – A Morris County-based company that processes sensitive data for businesses and government agencies is facing mounting scrutiny following a massive data breach that potentially exposed the personal information of millions of Americans. Conduent Business Services first detected the network intrusion in January 2025, but an internal investigation revealed hackers had access to its systems from October 21, 2024, to January 13, 2025.
The compromised data may include names, addresses, Social Security numbers, dates of birth, medical information and health insurance details, raising concerns about potential identity theft and fraud. While Conduent states that, to date, there is no evidence the data has been misused, the scale of the breach is staggering.
The full extent of the cyberattack remains under investigation, but reports indicate the breach has impacted individuals across the country. The Oregon Department of Justice has issued a consumer protection alert stating that 10.5 million individuals were affected. Nearly 11,000 residents of New Hampshire have also been notified, and officials in Texas claim the breach exposed the data of 4 million residents – a number that has since been revised upwards.
The Texas Attorney General, Ken Paxton, announced last week that his office has launched a formal investigation into the incident. “The Conduent data breach was likely the largest breach in U.S. History,” Paxton said in a press release. “If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it.”
Recent reports indicate the number of individuals affected has climbed significantly. As of February 9, 2026, estimates now place the total number of impacted Americans at 25 million, including roughly half of the population of Texas, according to Yahoo Finance. The revised figure for Texas alone is 15.4 million, a 285% increase from the initial estimate.
Conduent, a spin-off of Xerox, provides a range of business process services, including mailroom management, payment processing, and administrative support to government agencies and large corporations. The company’s website states it works with nearly half of the Fortune 100 companies and over 600 government and transportation agencies. Clients include Humana, Blue Cross Blue Shield of Illinois, Blue Cross and Blue Shield of New Mexico, and Blue Cross and Blue Shield of Texas.
The breach has triggered a wave of litigation. Multiple class action lawsuits have been consolidated in federal court in New Jersey, alleging that Conduent failed to implement adequate security measures to protect sensitive personal and health data and delayed notifying victims after discovering the intrusion. A plaintiffs’ steering committee was appointed in December to oversee the litigation, which could result in substantial damages and regulatory penalties for the company.
Conduent has stated it is cooperating with investigators and acted promptly to contain and investigate the incident, following established incident-response protocols. “We look forward to working cooperatively with the Texas Attorney General’s Office to provide the relevant information, consistent with our longstanding practice of constructive engagement with regulators,” the company said in a statement to NJ.com.
It remains unclear whether any New Jersey residents were impacted by the breach. The scope of the attack continues to be assessed, and authorities are working to determine the full extent of the damage and potential risks to affected individuals.
