A government contractor you've probably never heard of just exposed the personal data of more than 10 million Americans - and the number is still climbing. Conduent Business Services, which handles printing and back-office work for state benefit programs, suffered what the Texas Attorney General is calling "the largest data breach in U.S. history."
Here's what makes this particularly bad: hackers had access to the systems for three months - from October 21, 2024, through January 13, 2025, when the breach was finally discovered. That's not a smash-and-grab. That's someone rummaging through your filing cabinets for a quarter of a year.
The exposed data varies by victim but includes the worst-case scenario stuff: Social Security numbers, addresses, medical records, and health insurance information. States confirmed affected so far include Georgia, South Carolina, New Jersey, New Hampshire, Maine, Massachusetts, and New Mexico. One of Conduent's major clients was Blue Cross Blue Shield of Texas, affecting millions of insurance customers.
But here's the deeper problem: most victims receiving notification letters don't even know which original company hired Conduent. That's the outsourcing chain at work - your state contracts with a company, which subcontracts to another company, and somewhere down the line your data ends up with a vendor you never consented to trust.
This breach is a wake-up call about how we've privatized critical government infrastructure. States contract these services to the lowest bidder, who then becomes a single point of failure for millions of citizens. When welfare, unemployment, and child support systems all run through the same contractor with inadequate security, one breach becomes everybody's problem.
Those affected get one year of free credit monitoring - if they sign up by April 30, 2026. One year. For a breach that exposed Social Security numbers that will be valid for your entire lifetime. The technology is impressive. The question is whether anyone should have trusted it with this much sensitive data in the first place.
