Conduent Data Breach Affects Millions, Social Security Info Exposed

A data breach at government technology giant Conduent is far worse than first disclosed. What began as a ransomware attack in January 2025 is now known to affect at least 15.4 million people in Texas alone—about half the state’s population—up from the 4 million Conduent originally reported in October. Another 10.5 million people are affected in Oregon, and hundreds of thousands more across Delaware, Massachusetts, New Hampshire, and other states have been notified. The stolen data includes names, Social Security numbers, medical data, and health insurance information. The full scope of the breach remains unknown, but Conduent’s technology reaches more than 100 million Americans through various government healthcare programs. In January 2025, a ransomware attack knocked out Conduent’s operations for several days, causing outages to government services across the United States. The Safeway ransomware gang claimed responsibility, saying it stole over 8 terabytes of data. Conduent did not publicly disclose the cyberattack until April 2025—months after systems were compromised. In a subsequent SEC filing, Conduent acknowledged the stolen datasets “contained a significant number of individuals’ personal information associated with our clients’ end-users”—referring to its corporate and government customers. The numbers have grown dramatically since initial disclosures: Texas: At least 15.4 million people affected, Oregon: 10.5 million people affected. Conduent has not confirmed whether the breach affects more than 100 million people—the number its technology and operational support services reach across U.S. government healthcare programs. The stolen information includes: Names, Social Security numbers, Medical data, Health insurance information. This type of data is among the most sensitive and valuable to cybercriminals, enabling identity theft, insurance fraud, and other forms of financial exploitation. Conduent says it is continuing to notify individuals and plans to conclude alerting victims by early 2026. Conduent is one of the largest government contractors in the United States, handling and processing large amounts of personal and sensitive information on behalf of government departments, U.S. states, and major corporations. The breach highlights the risks of concentrating vast amounts of citizen data with a single contractor.