Conduent Here's a question for you: Did you choose Conduent to handle your personal data? No? Funny. Because if you've ever received SNAP benefits, Medicaid, child support payments, or had your data processed by a state government agency in the last decade, there's a pretty good chance Conduent had their hands all over your most sensitive information. They didn't ask you. They didn't notify you. They just took it. And now, in what can only be described as an entirely predictable outcome, the breach that was initially reported as affecting a "limited number of individuals" has exploded to 25 million victims. What Is Conduent, and Why Do They Have Your Data? Conduent is a Fortune 500 company that provides "business process services" to government agencies. In plain English: they're the middleman that processes your benefits, handles your child support case, manages your toll payments, and processes your healthcare claims. You never signed a contract with Conduent. You never agreed to their terms of service. You never even heard of them. But your state government did, and that was apparently enough. Here's what Conduent allegedly handles: SNAP benefits (food stamps) — processing applications, managing EBT cards Medicaid — eligibility determination, claims processing Child support — case management, payment processing Toll collection — electronic toll systems across multiple states Parking citations — processing and payment systems Unemployment insurance — claims processing during the pandemic surge Your "customer relationship" was with your state's Department of Health and Human Services. But behind the scenes, a private corporation was touching every piece of data you submitted. Citizens had no say if you wanted your SNAP application processed by a Fortune 500 company. They just did it. The Breach Nobody Wanted to Talk About The timeline of this breach reads like a masterclass in corporate damage control: Date / Event Late 2025 / Conduent detects "unauthorized access" to systems January 2026 / Company reports "limited" breach to regulators February 2026 / Scope expands — multiple state agencies affected March 2026 / 25 million individuals confirmed as victims Ongoing / Investigation continues; number may still grow When Conduent first disclosed the breach, they characterized it as affecting a "limited number of individuals." That number has since grown by approximately 25 million. that's not "limited." That's the population of Australia. Who Got Hit? The victims aren't abstract statistics. They're some of the most vulnerable people in America: SNAP Benefits Recipients Families relying on food assistance had their names, addresses, Social Security numbers, income data, and household composition exposed. These are people who, by definition, are struggling financially. Now they're at risk of identity theft on top of everything else. Without consent for this. They asked for help feeding their families. Medicaid Patients Low-income individuals and families who received healthcare through Medicaid had their medical information, eligibility data, and personal identifiers compromised. Medical identity theft is particularly devastating — it can result in incorrect medical records, denied claims, and even misdiagnosis. Child Support Participants Both custodial and non-custodial parents had their case information exposed. This includes financial data, employment information, addresses, and details about minor children. No one was consulted for their children's information to be handled by a breached corporation. Employees Conduent's own employees had their data compromised too. Because apparently the company that couldn't protect your data also couldn't protect its own workers' data. The Third-Party Problem This breach exposes a fundamental problem with how government services work in 2026: the third-party contractor loophole. Here's how it works: You provide data to a government agency (required by law) The agency hires a private contractor to process that data The contractor's security practices become your problem When the contractor gets breached, everyone shrugs You didn't choose Conduent. You can't opt out of Conduent. You can't even find out which contractor handles your data without filing FOIA requests that take months to process. "The government collected your data under the promise of protecting it, then handed it to the lowest bidder." — Privacy advocate, allegedly. Nobody asked if you wanted your data outsourced. They just signed the contract. The Cascading Consequences For 25 million people, the consequences of this breach will unfold over years: Identity theft — SSNs and personal data now in the wild Benefits fraud — SNAP and Medicaid accounts can be hijacked Tax fraud — Personal identifiers enable fraudulent tax returns Medical identity theft — Healthcare data can be used to obtain services fraudulently Child identity theft — Children's SSNs are particularly valuable because they won't be monitored for years And here's the kicker: Conduent's response has been to offer 12 months of credit monitoring. Twelve months. For a breach that will affect victims for the rest of their lives. SSNs don't expire. Medical records don't reset. Children's identities don't regenerate. The public was never asked if 12 months was enough. They just checked the "remediation" box. The Accountability Vacuum Who's responsible for this? Let's trace the chain: Conduent — Failed to secure the data they were entrusted with State agencies — Hired Conduent without adequate security requirements Legislators — Didn't mandate security standards for government contractors Regulators — Didn't enforce existing data protection requirements Everyone in the chain can point to someone else. Conduent will say they followed industry standards. State agencies will say they relied on Conduent's certifications. Legislators will say it's a regulatory matter. Regulators will say they need more authority. And 25 million people — many of them among the most economically vulnerable in the country — will pay the price. Your Next Steps If You've Received Government Benefits Check if your state used Conduent — Contact your state agency directly Monitor your credit — Even if Conduent's free monitoring has expired Watch for benefits fraud — Check your SNAP and Medicaid accounts regularly File your taxes early — Beat fraudsters who may use your SSN for tax fraud Demand Change Contact your representatives — Push for mandatory security standards for government contractors Support data minimization laws — Government agencies should only share the minimum data necessary Demand breach notification reform — 25 million people shouldn't learn about a breach from news articles Bottom Line 25 million Americans had their most sensitive data handled by a company they never chose, never heard of, and never consented to. That company got breached. The data is out there. And the people most affected — those relying on government assistance — are the least equipped to deal with identity theft. No community input if you wanted your SNAP data processed by Conduent. They didn't ask if 12 months of credit monitoring was adequate. They didn't ask if you wanted to be part of a 25-million-person breach. They just did it. Because in the world of government contracting, your consent is assumed and your data is a line item. --- Related: National Public Data: 2.9 Billion Records 10 Billion Password Buffet Privacy Guide 2026 Ticketmaster Breach: 560 Million