Conduent Business Services — a third-party print, mail and back-office support provider for Elevance Health and its subsidiaries, including Anthem — has begun notifying IU medical plan members about a recent cybersecurity incident.

Between October 2024 and January 2025, Conduent experienced a security breach that exposed the personal data of approximately 25 million people across the country. Because Anthem administers IU’s medical plans, the breach is affecting some employees, retirees, residents, student academic appointees and students in an IU medical plan, as well as their covered family members.

The information accessed includes names, dates of birth, health insurance ID numbers, patient ID numbers, treatment cost details, group policy numbers and, in some cases, Social Security numbers. The type and amount of information disclosed may vary for each individual.

Conduent reports that the breach is contained, and there is no evidence of misuse or public release of the data. They are actively working with cybersecurity experts and the FBI to investigate and prevent future incidents, and they are notifying affected individuals by mail on an ongoing basis. The letters are sent directly by Conduent and do not reference Elevance Health or Anthem.

Members who receive a letter are provided with instructions to enroll in complimentary identity and credit monitoring, obtain a free credit report, and place a freeze or fraud alert on their credit file. As a precaution, employees should monitor their credit for unusual activity, regularly update passwords, enable multi-factor authentication, and remain alert to unexpected emails or calls requesting personal information.

For questions or more information, visit Conduent’s incident page or call them toll-free at 866-291-3678 from 9 a.m. to 6:30 p.m. ET Monday through Friday.