
Conduent data breach overview:
- Who: Multiple plaintiffs have filed class action lawsuits against Conduent Business Services LLC.
- Why: Plaintiffs allege Conduent failed to secure and safeguard the PII and PHI of 10.5 million individuals in a breach that now ranks as the eighth-largest healthcare data breach in U.S. history.
- Where: The lawsuits were filed in New Jersey federal court.
Conduent is facing a growing wave of federal class action lawsuits after a massive data breach exposed the personal and health information of more than 10.5 million insurance customers — an incident that court filings say ranks as the eighth-largest healthcare data breach ever recorded.
The scale of the litigation is similarly significant. With at least 10 class actions filed so far, the Conduent data breach litigation is quickly becoming one of the largest healthcare-related data breach cases to date.
Conduent provides technology-driven services to many of the most prominent players in the healthcare and pharmaceutical industries, including several major Blue Cross Blue Shield entities and Premera Blue Cross.
In one of the newest class action lawsuits, filed Nov. 4, plaintiff Brandon Berkenfeld alleges Conduent discovered in January that an unauthorized third party had infiltrated its systems from October 2024 to January 2025 and exfiltrated files containing names, Social Security numbers, dates of birth, medical information and health insurance data.
Berkenfeld claims Conduent failed to safeguard this sensitive information and did not provide timely notice to those affected. He seeks to represent a nationwide class of individuals whose PII and PHI were accessed or acquired during the breach.
Eighth-largest healthcare data breach ever, complaints say
Court filings describe the breach and the ensuing litigation as unprecedented. Plaintiffs argue the breach’s massive scope places it among the top 10 largest healthcare data breaches in U.S. history, with more than 10.5 million patients affected.
In a separate class action lawsuit, plaintiff Eric Larson of Montana alleges that Conduent and Blue Cross Blue Shield of Montana violated HIPAA, the Federal Trade Commission Act and other laws by failing to implement adequate cybersecurity safeguards and delaying breach notifications. He also claims the stolen data has already been published on the dark web, leaving victims at “imminent, immediate and continuing increased risk” of identity theft and financial harm.
Across the growing list of cases, plaintiffs collectively accuse Conduent of negligence, negligence per se, breach of third-party beneficiary contract and unjust enrichment.
The class action lawsuits seek class certification, compensatory and statutory damages, and injunctive relief requiring Conduent to upgrade its cybersecurity practices and monitoring protocols.
Blue Shield of California faced a similar lawsuit earlier this year, alleging patient data was exposed through its use of Google Analytics.
The proposed classes are represented by Lite DePalma Greenberg & Afanador LLC, Milberg PLLC, Morgan & Morgan PA, The Dann Law Firm, Edelson Lechtzin LLP, Carella Byrne Cecchi Brody & Agnello PC, Goetz Geddes & Gardner PC, Kimmel & Silverman PC, Wolf Haldenstein Adler Freeman & Herz LLP, and Schubert Jonckheer & Kolbe LLP.
The Conduent data breach class action lawsuits are in the U.S. District Court for the District of New Jersey and include:
- Kennedy et al. v. Conduent Business Services LLC et al., Case No. 2:25-cv-17233
- Larson v. Conduent Business Services LLC et al., Case No. 2:25-cv-17242
- Bianco v. Conduent Business Services LLC, Case No. 2:25-cv-17177
- Burwell v. Conduent Business Services LLC, Case No. 2:25-cv-17170
- Fray et al. v. Conduent Business Services LLC, Case No. 2:25-cv-17137
- Waters et al. v. Conduent Business Services LLC et al., Case No. 2:25-cv-17218
- Heller v. Conduent Business Services LLC, Case No. 2:25-cv-17209
- Moody et al. v. Conduent Business Services LLC, Case No. 2:25-cv-17227
- Berkenfeld v. Conduent Business Services LLC, Case No. 2:25-cv-17197
161 thoughts on 10.5M records exposed: Conduent faces massive litigation over the 8th largest healthcare data breach in U.S. history
I also received a letter today 2026-02-05 dated 2025-12-31 from Conduent.
They state my personal information was compromised in a data breach that occurred between 2024-Oct and 2025-Jan. It took them an entire year to get this letter to me notifying me of this. The response time to consumers is completely unacceptable. This company and the company that entrusted them with this data should be held liable for this breach. Conduent for not implementing proper security measures and the company that gave them our information without ensuring our data would be safe.
How do I get in on this class action? My personal information was stolen bc of them.
I am writing to formally notify Conduent Business Services, LLC of my concerns regarding your company’s failure to adequately safeguard my personal and protected health information, which was compromised as a result of a data breach attributed to your systems and/or business operations.
As an entity entrusted with sensitive personal data, including protected health information (“PHI”), Conduent Business Services, LLC has a legal and ethical obligation to implement and maintain reasonable administrative, technical, and physical safeguards to protect such information. The exposure of my data constitutes a serious failure to meet these obligations and may represent violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including but not limited to the HIPAA Privacy Rule and Security Rule (45 C.F.R. Parts 160 and 164).
In addition to potential federal violations, this incident may also violate applicable state data protection and privacy laws, including state breach notification statutes and consumer privacy protections, which require timely notice, reasonable security measures, and mitigation efforts when personal information is compromised.
As a result of this breach, I face ongoing risk of identity theft, medical identity theft, financial fraud, and misuse of my private health information. The emotional distress and burden of monitoring and protecting my personal and medical identity are direct consequences of your company’s failure to adequately protect the data entrusted to it.
Accordingly, I am formally requesting to be included as an affected individual and participant in any existing or future class action lawsuit, settlement, or legal proceeding arising from this data breach. I wish to preserve all rights and remedies available to me under federal and state law.
Please provide written confirmation of receipt of this letter and advise of any steps required to ensure my inclusion in related legal actions. I also request detailed information regarding:
- The specific categories of personal and health information that were compromised
- The date(s) and scope of the breach
- When and how the breach was discovered
- Measures taken to prevent further unauthorized access
- Any remediation or credit/identity monitoring services being offered to affected individuals
I expect prompt, transparent communication regarding this matter. Failure to adequately address these issues may result in further legal action or complaints filed with appropriate regulatory authorities.
Thank you for your attention. I look forward to your timely response.
I received the letter today that my Social Security number and other personal information was leaked and I have been affected by this breach. I need help. I want to sue.
Got the letter yesterday telling me I was affected
Hello, I am reaching out regarding the Conduent data breach. My mother received a notification letter stating that her personal information, including her Social Security number, was exposed in a cyberattack. The letter is dated December 31, 2025, but we did not receive it until February 5, 2026.
We are concerned about the exposure of her sensitive information and would like to know if she qualifies to join any current or upcoming class action lawsuits related to this breach. Please let us know what documentation you need from us.
Thank you.
I received a letter about the data breach and would like to know next steps.
Yes I received the letter about my information breach
I just received mail today, Feb. 4, 2026, that both my & my deceased spouse's information were part of this breach. The letter is dated Dec 31, 2025, but I just got it today, Feb. 4, 2026.
The letter(s) state that the breach was discovered Jan 11, 2025, and that a third party accessed the records Oct. 21, 2024 to Jan. 13, 2025.
It should be noted that my spouse died April 17, 2022, so his data should NOT have been part of ANY data tied to medical records in the time period of the breach.
Received a letter in the mail from CONDUENT Secure Processing Center P.O. Box 3826 Suwanee, GA 30024 stating “On January 13, 2025, we discovered that we were the victim of a cyber incident… Our investigation determined that an unauthorized third party had access to our environment from October 21, 2024, to January 13, 2025, and obtained some files associated with your current or former health plan… The affected files contained your name and the following: Address and Social Security Number”. I am seeking compensation for this hardship, given the fact that my personal identifying information has been leaked along with thousands of others and I was not notified until a year later today, on February 4, 2026. Please contact me as I plan to pursue this and seek justice. As of today, I have frozen my credit on the three credit agencies but this is not enough for protection.
Yes, I have received a letter in the mail regarding my identity being taken. If anything or anybody can help me with this, please get back with me as soon as possible.