02.4.2026 Brittani Yeager
Estimated Reading Time: 5 Minutes
By now, you may have seen the headlines – or you’re about to. A ransomware attack on Conduent has potentially exposed the personal information of at least 26 million Americans. Some are already calling it one of the largest data breaches in U.S. history. As a business, this is a time to show up for your customers. Here’s what you need to know and how you can help the people you serve take action.
Who is Conduent?
Conduent Business Services is a U.S.-based provider of administrative and payment services to health plans, state government benefit operations, and other large employers. Its clients include Humana, Blue Cross Blue Shield of Illinois, Blue Cross Blue Shield of New Mexico, and Blue Cross Blue Shield of Texas, according to NJ.com. Your customers likely never have heard of Conduent, but there’s a strong chance their personal data moved through its systems as part of routine benefits and payment processing – without them ever knowing.
What Happened with the Conduent Data Breach, and What Information Was Breached?
Between October 2024 and January 2025, cybercriminals gained unauthorized access to Conduent’s systems, breaching many customers’ data, including:
-
Names
-
Contact information
-
Social Security numbers (SSNs)
-
Medical history information
-
Health insurance information
At present, at least 26 million individuals across the United States are believed to be affected, with particularly high concentrations in Oregon (10.5 million) and Texas (15.4 million). Reports show the breach has affected other individuals in Georgia, South Carolina, New Jersey, New Hampshire, Maine, Massachusetts, and New Mexico. While Conduent disclosed the breach in April 2025, the estimated number of affected consumers has been rising in early 2026 as more households and companies receive official notices of exposure and state governments acknowledge the incident.
5 Steps to Share with Your Customers Right Now
One of the most valuable things a business can do in the wake of a breach is communicate clearly and proactively. Even if your customers haven’t received an official notice, encourage them to take the following protective steps – because when it comes to identity protection, early action makes all the difference.
1. Monitor Their Most Sensitive Information
Encourage customers to keep a close watch on their SSN, date of birth, health insurance details, and financial accounts. An identity monitoring service can alert them if their information surfaces somewhere it shouldn’t – like the dark web or an unauthorized account application.
2. Enable Multi-Factor Authentication (MFA)
Remind customers to enable multi-factor authentication across their online accounts, particularly for sensitive accounts (e.g., email, bank, insurance). It’s one of the simplest, most effective ways to block unauthorized access – even if a bad actor already has their password.
3. Review Financial Accounts and Credit Reports
Advise customers to review bank statements and credit card accounts regularly, and to pull their free credit reports from Equifax, Experian, and TransUnion at AnnualCreditReport.com. They should look for unfamiliar accounts, unexpected hard inquiries, or any changes they didn’t initiate.
4. Lock Their SSN and Set Up an SSA Account
Share with customers that they can create an account at ssa.gov to monitor their Social Security statement and flag suspicious activity. They can contact the SSA or use the government’s E-Verify service to self-lock their SSN, preventing it from being used for unauthorized employment verification – a simple but powerful step that’s often overlooked.
5. Place a Credit Freeze or Fraud Alert
A credit freeze is one of the strongest defenses against new fraudulent accounts being opened. It’s free and can be lifted temporarily when needed. For customers who want a lighter-touch option, a fraud alert – which requires lenders to verify identity before extending credit – is another solid choice. Contacting just one credit bureau (Equifax, Experian, or TransUnion) is enough to trigger a fraud alert; they’re required to notify the others.
How Iris® Powered by Generali Supports You and Your Customers
This is exactly the kind of situation the Iris platform was built for — not simply to monitor risk, but to respond decisively when customers are impacted.
As an Iris partner, if we detect that your customers’ data has been exposed as part of this or any other breach, we will proactively alert portal users, reminding them of the actions they can take to help protect themselves with clear, step-by-step guidance. Our U.S.-based, white-glove resolution specialists are also available to take over recovery work if your customers experience identity fraud, so they are never left to navigate the fallout alone. Our specialists know exactly what next steps to take and handle every call with compassion and empathy, so that every customer feels heard, comforted, and relieved.
It’s a sobering reality that breaches of this magnitude are becoming more and more a reality. However, moments like this are also an opportunity. When businesses communicate quickly and clearly – and point customers toward real resources – they build the kind of trust that lasts. We’re here to help you do exactly that. Contact us today to get started.
Interested in learning more about the Iris platform?
.png?width=102&height=102&name=Iris-Generali-Logo-White%20(1).png){kind=logo}
