Data breach at govtech giant Conduent balloons, affecting millions more Americans

A significant data breach at Conduent, a leading provider of technology for government services, has escalated in severity, with the number of affected individuals potentially reaching into the tens of millions across the United States. Initially reported in January 2025 following a ransomware attack that disrupted Conduent’s operations, the breach now impacts at least 15.4 million residents in Texas alone, which is roughly half the state's population. Previously, in October, Conduent estimated that 4 million Texans were at risk. Additionally, Oregon's attorney general has reported that 10.5 million individuals in that state are affected. Notifications have also been sent to hundreds of thousands of residents in Delaware, Massachusetts, New Hampshire, and several other states, according to breach documentation reviewed by TechCrunch. The compromised data includes sensitive information such as names, Social Security numbers, medical records, and health insurance details. As one of the largest government contractors in the nation, Conduent manages a vast amount of personal data for numerous corporations, government agencies, and various states, reaching over 100 million people through its services. When approached for comments regarding the extent of the breach, Conduent spokesperson Sean Collins issued a standard response that failed to address specific inquiries and did not clarify the total number of individuals affected. Collins mentioned that the company is undertaking a thorough review of the impacted files to ascertain the personal information that was compromised but did not disclose how many notifications have been sent. Details surrounding the breach remain scant, as Conduent has offered little further information since the cyberattack was first disclosed in April, months after hackers had already disrupted the company’s systems, leading to service outages across various government platforms. The Safeway ransomware group has claimed responsibility, asserting that they stole over 8 terabytes of data, which includes a significant quantity of personal information related to Conduent’s clients. Conduent has indicated that it is in the process of notifying individuals whose data was compromised and aims to complete this outreach by early 2026, although no precise timeline has been provided. For further insights regarding the Conduent cyberattack, you can reach out to Zack Whittaker via Signal or email.