February 23, 2026 Texas officials are warning about what could be the largest data breach in U.S. history, with notification letters already being sent to affected individuals. The incident centers on Conduent Business Services, a little-known contractor that handles printing, mail and back-office operations for major organizations.
The breach has already affected more than 10 million people, according to figures tracked by state authorities, and the number could continue to climb as investigations expand. Conduent disclosed it was targeted by a cyberattack discovered in January 2025, with attackers believed to have accessed sensitive data for nearly three months prior.
Although the company operates behind the scenes, its clients include large enterprises such as health insurers, meaning the fallout is broad and difficult for consumers to trace. One complicating factor is that notification letters do not always identify which organization originally held the compromised data, leaving some victims unsure how their information was exposed.
The types of data accessed vary widely. In some cases, attackers may have obtained names, addresses and Social Security numbers. Others were warned that medical records and health insurance details could have been involved.
Reports indicate that individuals across multiple U.S. states have been impacted, including Georgia, South Carolina and several Northeastern regions. Authorities say the full geographic scope is still being determined as more disclosures emerge.
Those receiving official notifications are being offered one year of free credit monitoring, but enrollment requires action. Consumers must sign up by April 30, 2026, to access the service, using instructions included in the mailed letters. Officials are emphasizing that recipients should not discard the notices, as the breach is legitimate and not part of a scam.
Cybersecurity experts recommend taking additional precautions, including freezing credit files with major bureaus, monitoring financial accounts for suspicious activity and watching for phishing attempts that exploit breach-related anxiety. Fraud alerts and regular credit report checks can also help detect misuse early.
