The recent data breach at the prominent government technology firm Conduent has revealed a much larger impact than initially anticipated, potentially affecting millions of individuals across the United States.
Following a ransomware incident in January 2025 that disrupted Conduent's services for several days, reports indicate that approximately 15.4 million residents in Texas alone have been affected, which represents nearly half the state's population. Initially, the company had disclosed that around 4 million individuals were impacted.
Additionally, the breach has reportedly compromised another 10.5 million people in Oregon, according to the state's attorney general. Notifications have also been sent to numerous residents in Delaware, Massachusetts, New Hampshire, and other states, as confirmed by data breach alerts.
The compromised information includes personal details such as names, Social Security numbers, medical records, and health insurance data.
As one of the largest contractors for government services, Conduent manages vast amounts of sensitive information for various corporations, governmental agencies, and numerous U.S. states. The company claims its technology and support services reach over 100 million people in the nation through various government healthcare initiatives.
When approached for further details regarding the breach, Conduent's spokesperson provided a standard response that did not address the specific inquiries, including whether the breach affects over 100 million individuals. The spokesperson did mention that the company is engaged in a thorough analysis of the compromised files to determine the extent of the personal information involved.
Details surrounding the breach remain scarce, and the company has disclosed minimal information. Conduent first reported the cyber incident in April, several months after its systems were compromised, leading to disruptions in government services nationwide.
The Safeway ransomware group has claimed responsibility for the breach, asserting that they acquired over 8 terabytes of data.
In a subsequent filing with the SEC, Conduent acknowledged that the stolen datasets contained significant amounts of personal information related to its clients' end-users, which include corporate and governmental customers.
The company is actively notifying those whose data has been compromised and aims to complete these notifications by early 2026, although a precise timeline has not been provided.
