This is not a drill. 25 million records are already out there.
A ransomware gang called Safepay broke into Conduent — a massive business process outsourcing company that handles benefits administration, payroll processing, and healthcare claims for hundreds of government agencies and Fortune 500 corporations. They didn't just look around. They took everything.
When the breach was first disclosed, the estimate was 10 million victims. Then it became 15 million. Then companies started coming forward one by one — state agencies, healthcare systems, corporate HR departments — and the number ballooned to 25 million people. And those are just the entities that have disclosed it so far.
The data stolen includes the most sensitive combination possible: full names, addresses, dates of birth, Social Security numbers, medical information, and health insurance details. That's not a partial breach. That's the complete package a fraudster needs to open credit accounts, file false tax returns, obtain medical services in your name, and destroy your credit score before you even realize anything happened.
Conduent began mailing breach notification letters to victims in late February and early March 2026. If you or anyone in your household worked for a company that outsourced HR or benefits to Conduent, received government benefits through a Conduent-managed system, or received healthcare through a Conduent-connected network — your data may already be in criminal hands. Do not wait for a letter to take action.
The numbers that should alarm every American
That 80% figure isn't a typo. A survey from the Identity Theft Resource Center found that 8 out of every 10 Americans received at least one data breach notification letter in 2025. The Conduent breach alone doubled down on that statistic with one of the largest single-incident exposures in U.S. history.
What makes this breach especially dangerous is who Conduent serves. This isn't a retail loyalty card program or a gaming platform. Conduent processes benefits for state Medicaid programs, manages HR systems for large employers, and handles payroll for government contractors. The victims aren't just people who clicked a sketchy link — they're people who had no choice but to give their information to systems they never directly chose to use.
Who Safepay is — and why this matters
Safepay is a professional ransomware operation. They don't just encrypt files and demand payment — they exfiltrate data first, meaning they download everything before locking it. This gives them two leverage points: the ransom demand, and the threat to sell or publish the stolen data if the ransom isn't paid. In many cases, even after a ransom is paid, the data stays in circulation — sold on dark web marketplaces or held for future use.
This is why breach notification letters are often just the beginning. The stolen data doesn't expire. A Social Security number stolen today can be weaponized a year from now, when the initial panic has died down and your guard is lower.
"A breach notification letter means the damage may already be done — what matters now is how fast you move to contain the blast radius." — NMD ZAZA
What the fraudsters will do with your data
If your information is in this breach, here's the playbook criminals run — and it moves fast:
| Fraud Type | What They Do | Threat Level |
|---|---|---|
| New account fraud | Open credit cards, auto loans, personal loans in your name | Critical |
| Tax fraud | File a fraudulent tax return before you do, collect your refund | Critical |
| Medical identity theft | Use your insurance to receive medical services, rack up bills in your name | Critical |
| Synthetic identity fraud | Combine your SSN with a different name and birthday to build a "new" credit file | High |
| Account takeover | Use your personal data to reset passwords and take over existing accounts | High |
The NMD action plan — move right now
Waiting is the worst option. Every day of inaction is a day your information can be used against you. Here's the exact sequence to lock things down:
- 1 Freeze your credit at all three bureaus immediately. This is the single most powerful thing you can do. A credit freeze prevents anyone from opening new credit accounts in your name. It's free, it's instant, and you can lift it temporarily when you need to apply for credit. Go directly to Equifax.com, Experian.com, and TransUnion.com — do all three. Also freeze at ChexSystems (banking) and NCTUE (utility accounts).
- 2 File your taxes immediately if you haven't already. Tax fraud from SSN theft is rampant. Criminals file fraudulent returns in January and February to beat you to your own refund. If you haven't filed yet, file now — even if it's a basic extension. The IRS also offers an Identity Protection PIN (IP PIN) at IRS.gov that adds a layer of protection to your filing.
- 3 Pull all three of your credit reports right now. Go to AnnualCreditReport.com. You're entitled to free weekly reports from all three bureaus. Look for any accounts, inquiries, or addresses you don't recognize. If you see anything new that you didn't open, dispute it immediately in writing — certified mail, not online forms.
- 4 Report to the FTC and IdentityTheft.gov. If you believe your information was used fraudulently, go to IdentityTheft.gov. The FTC will generate a personalized recovery plan, create official documentation you'll need to dispute fraudulent accounts, and provide an identity theft report that carries legal weight with creditors and bureaus.
- 5 Monitor your medical and insurance accounts. The Conduent breach included medical information. Check your Explanation of Benefits (EOB) statements for services you didn't receive. Call your insurance provider to ask about any claims filed in your name recently. Medical identity theft can be harder to detect and takes longer to unwind.
- 6 Set up fraud alerts and account monitoring. A fraud alert on your credit file requires lenders to verify your identity before opening new accounts. Unlike a freeze, a fraud alert doesn't block access — it triggers a warning. You can use both: freeze for the strongest protection, with a fraud alert as an additional flag. Check your bank and credit card accounts daily for unauthorized transactions.
Why this keeps happening — and why you need automated protection
This is the third major breach involving tens of millions of Americans in the past 18 months. LexisNexis was hit before Conduent. Before that, National Public Data. And with the CFPB defanged and data broker oversight in shambles, the infrastructure that's supposed to protect you is running on fumes.
The hard truth: your personal data is already in multiple criminal databases. It was probably there before this breach. The question isn't whether you're exposed — it's whether you have systems in place to catch fraud fast and respond before it metastasizes into a full credit crisis.
At NMD Solutions, we've built AI-powered tools that monitor your credit file in real time, generate dispute letters automatically when unauthorized accounts appear, track bureau responses with built-in escalation timelines, and alert you the moment something changes. This is the infrastructure that turns a breach from a disaster into a manageable event. It costs $29 flat. No monthly fees. No lawyers.
You can't stop a ransomware gang from breaking into a company you've never heard of. But you can make sure that when your data gets used, you're the first to know and the first to act. That's what automated credit monitoring and dispute management does — it converts a passive victim into an active defender.
The people who get hurt worst by breaches like Conduent aren't the ones whose data was stolen. It's the ones who didn't find out until six months later when they tried to buy a house and found a $45,000 auto loan they never signed for sitting on their TransUnion report. Don't be that person.
Your data is already out there. Lock it down.
Our AI credit bot monitors your file, auto-generates dispute letters, and tracks bureau response deadlines. $29 flat. No subscriptions. Built for people who can't afford to wait for the damage to show up.