A Morris County company that provides administrative services for businesses and government agencies has agreed to cooperate with investigators seeking information about a massive data breach that exposed millions of individuals’ sensitive personal and medical information.

Conduent Business Services, based in Florham Park, first discovered that its network had been compromised in January 2025, according to a notice on the company’s website.

An internal investigation determined that hackers accessed the company’s network from Oct. 21, 2024, to Jan. 13, 2025, and obtained files that contain individuals’ personal information. The stolen information may include names, addresses, social security numbers, dates of birth, medical information, and health insurance information.

“To date, there is no evidence that any underlying data has been misused, posted, or made publicly available, and we continue to monitor closely,” the company said in a statement sent to NJ.com.

It’s unclear exactly how many people were affected, but it’s “a significant number,” according to a disclosure form filed with the United States Securities and Exchange Commission.

The full scope and scale of the cyberattack is still being determined but it includes millions of people nationwide. A consumer protection alert from the Oregon Department of Justice reports that 10.5 million individuals were affected in the breach. A letter sent to the New Hampshire Attorney General’s office reports nearly 11,000 affected residents in the Granite State. Down in Texas, state officials claim the cyberattack exposed 4 million residents.

It’s unclear if any New Jerseyans were impacted.

Conduent, a spin-off of Xerox, is a publicly traded company that offers mailroom, payment, and other business support services. According to its website, Conduent works with nearly half of Fortune 100 companies and more than 600 government and transportation agencies. Among its clients are Humana, Blue Cross Blue Shield of Illinois, Blue Cross and Blue Shield of New Mexico and Blue Cross and Blue Shield of Texas.

Texas Attorney General Ken Paxton announced last week his office was investigating the Conduent data breach.

“The Conduent data breach was likely the largest breach in U.S. history. If any insurance giant cut corners or has information that could help us prevent breaches like this in the future, I will work to uncover it,” said Paxton in a press release.

In a statement sent to NJ.com, Conduent said it would comply with investigators.

“We look forward to working cooperatively with the Texas Attorney General’s Office to provide the relevant information, consistent with our longstanding practice of constructive engagement with regulators,” the company said.

There’s also a pending class action lawsuit against Conduent in New Jersey federal court stemming from the data breach. The consolidated litigation alleges the company failed to implement basic security measures, leaving millions of individuals’ sensitive personal and medical information exposed.

Conduent maintains that it acted promptly and in accordance with incident‑response protocols to contain and investigate the incident.

Source link