Conduent Data Breach Expands, Impacting Millions of Americans
▼ Summary
– The Conduent data breach from January 2025 is far larger than initially disclosed, potentially affecting dozens of millions of people across the United States.
– At least 15.4 million people in Texas and 10.5 million in Oregon are confirmed victims, with hundreds of thousands more notified in several other states.
– The stolen data includes highly sensitive personal information such as names, Social Security numbers, medical data, and health insurance details.
– Conduent, a major government contractor, has provided limited details and did not answer specific questions about the total number of individuals affected.
– The company is continuing to notify victims and plans to conclude this process by early 2026, following the ransomware attack claimed by the Safeway gang.
The scale of a major data breach at government technology contractor Conduent has grown dramatically, with new disclosures indicating the incident potentially impacts tens of millions of Americans across multiple states. Initially reported as affecting millions, the fallout from a January 2025 ransomware attack now encompasses a far greater portion of the population, raising serious concerns about the security of sensitive personal information handled by large federal and state vendors.
In Texas alone, the number of affected individuals has surged to at least 15.4 million people, a figure that represents roughly half the state’s population. This is a substantial increase from the company’s October statement, which cited only 4 million impacted Texans. The attorney general’s office in Oregon has confirmed another 10.5 million residents in that state are involved. Furthermore, breach notification letters have been sent to hundreds of thousands more people in states including Delaware, Massachusetts, and New Hampshire.
The compromised data is exceptionally sensitive, containing names, Social Security numbers, medical records, and health insurance information. Conduent operates as a pivotal government contractor, managing and processing vast quantities of personal data for major corporations, federal agencies, and numerous U.S. states. The company’s own materials state its services touch more than 100 million Americans through various government healthcare programs.
When pressed for details, Conduent provided limited clarification. Company spokesperson Sean Collins issued a generic statement that failed to answer specific questions, including whether the firm knows the total number of victims or if the breach ultimately exceeds 100 million individuals. Collins noted the company is analyzing affected files to identify stolen personal information but declined to reveal how many breach notifications have been dispatched so far.
Public knowledge of the breach remains scarce, as Conduent has disclosed few particulars since first announcing the cyberattack in April 2025, several months after hackers crippled its systems. That disruption caused widespread outages to government services nationwide. The Safeway ransomware gang has claimed responsibility for the intrusion, boasting it exfiltrated more than 8 terabytes of data.
In a subsequent filing with the U.S. Securities and Exchange Commission, Conduent acknowledged the stolen datasets “contained a significant number of individuals’ personal information associated with our clients’ end-users,” referring to its government and corporate customers. The company stated it is continuing to notify affected individuals and aims to complete this process by early 2026, though it provided no more precise timeline for these critical alerts.
(Source: TechCrunch)
