Conduent Data Breach: Millions More Americans Affected

A significant data breach at government technology giant Conduent has expanded dramatically, now confirmed to affect millions more Americans than initially disclosed. The January 2025 ransomware attack, which crippled Conduent's operations for several days, led to the theft of a "significant number of individuals' personal information," including highly sensitive data such as Social Security numbers and medical records.

The scale of the Conduent data breach has surged, with Texas alone now reporting at least 15.4 million affected individuals – roughly half the state's population. This figure is a sharp increase from the 4 million initially disclosed by Conduent for Texas in October. Oregon's Attorney General has also confirmed that an additional 10.5 million people in that state were impacted. Furthermore, data breach notifications reviewed by TechCrunch indicate that hundreds of thousands more individuals across Delaware, Massachusetts, New Hampshire, and other states have been affected.

The stolen data is highly sensitive, encompassing individuals' names, Social Security numbers, medical data, and health insurance information. Such a comprehensive data compromise poses significant risks for identity theft and fraud for the affected millions.

Conduent stands as one of the largest government contractors in the United States, managing and processing vast quantities of personal and sensitive data for major corporations, government departments, and several U.S. states. The company states that its technology and operational support services reach over 100 million people nationwide through various government healthcare programs, underscoring the potential breadth of this cyberattack.

Despite the escalating numbers, Conduent has offered limited transparency regarding the full extent of the breach. When questioned, Conduent spokesperson Sean Collins provided a generic statement that failed to address specific inquiries, including the total number of individuals affected. Collins did not confirm whether the breach impacts more than 100 million people, only stating that the company is "working to conduct a detailed analysis of the affected files to identify the personal information" taken. The number of data breach notifications sent out to date also remains undisclosed.

The cyberattack, which caused outages to government services across the U.S., was only publicly disclosed by Conduent in April months after the initial January incident. The Safeway ransomware gang has claimed responsibility for the breach, asserting they stole over 8 terabytes of data. In a later SEC filing, Conduent acknowledged that the stolen datasets "contained a significant number of individuals' personal information associated with our clients' end-users," referring to its corporate and government customers.

Conduent has stated it is continuing to notify individuals whose data was compromised and anticipates concluding these alerts by early 2026, without providing a more precise timeline.

Do you know more about the Conduent cyberattack? You can contact Zack Whittaker on Signal via the username zackwhittaker.1337 or by email: [email protected].