Conduent data breach hits millions across multiple states

Massive breach impacts government service users

by Kurt Knutsson
At a glance
  • Ransomware attack on Conduent may affect tens of millions of people across multiple states.
  • Texas and Oregon alone report more than 25 million residents potentially impacted.
  • Stolen data includes Social Security numbers, medical records and health insurance details.
  • Conduent says notifications could continue through early 2026 as the full scope remains unclear.

 

A ransomware attack on government technology giant Conduent is turning out to be far bigger than first reported. What initially sounded like a limited incident now appears to affect tens of millions of people across multiple states. In Texas alone, at least 15.4 million residents may have had their data exposed. Oregon has reported another 10.5 million affected individuals. And notifications have also gone out to hundreds of thousands of people in states like Delaware, Massachusetts, and New Hampshire. If you rely on state healthcare programs or government services, your data could be part of this breach.

 

 


What we know about the breach so far

The cyberattack happened in January 2025 and was later claimed by the Safeway ransomware gang, which says it stole more than 8 terabytes of data. Conduent first disclosed the incident publicly in April, months after hackers disrupted its systems and caused outages to government services across the country.

The company initially said about 4 million people in Texas were affected. That number has since jumped to 15.4 million, nearly half the state’s population. Oregon’s attorney general reported another 10.5 million impacted residents. Combined with other states issuing notifications, the total could reach into the dozens of millions.

The stolen data includes names, Social Security numbers, medical information, and health insurance details. That combination is particularly dangerous because it can be used for identity theft, medical fraud, and highly targeted scams.

Conduent processes data for large corporations, state agencies, and government healthcare programs. The company says its systems support services for more than 100 million people nationwide. However, it has not confirmed whether the breach affects that many individuals.

In a filing with the SEC, Conduent acknowledged that the stolen data included a “significant number” of individuals’ personal information tied to its clients’ end users, meaning people who rely on government agencies and corporate services powered by the company.


Why this breach is especially concerning

Unlike a retail breach, where credit card data might be exposed, this incident involves deeply sensitive personal and medical information. Social Security numbers and health records are long-term identifiers. You cannot simply cancel or replace them like a debit card.

Healthcare-related data is especially valuable on the black market because it can be used to file fraudulent insurance claims, obtain prescription drugs, or open financial accounts. And because Conduent works behind the scenes for state agencies, many people may not even realize their data was stored by the company in the first place.

Conduent said it is still in the process of notifying affected individuals and expects to complete those notifications by early 2026. The company did not provide a clearer timeline or confirm how many total people will ultimately be alerted. Many people could be waiting months before knowing whether their information was compromised.

 

Conduent responds to January 2025 data breach

We reached out to Conduent for comment, and a company spokesperson provided CyberGuy with the following statement:

“As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. With respect to that incident, Conduent has agreed to send notification letters, on behalf of its clients, to individuals whose personal information may have been affected by this incident. Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.

 

Upon discovery of the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensics experts. In addition, given the nature and complexity of the data involved, Conduent worked diligently with a dedicated review team, including internal and external experts, and conducted a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process.

 

Both Conduent and our third-party experts monitor the dark web regularly and have no evidence of any personal information being released on the dark web.

 

Rest assured, we have followed all of the right protocols and have assured our clients that we have secured the necessary data. Conduent has been working with law enforcement and takes this matter seriously. We regret any inconvenience this incident may have caused.”


How can I check if my information was sold on the dark web?

To check if your information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website will search to see what data of yours is out there and display if there were data breaches associated with your email address on various sites.

If you find your data is out on the web, here’s how you can remove it.

 

8 steps you can take to protect yourself after the Conduent breach

When a breach involves Social Security numbers and medical data, you need to think long term. Here’s what you should do.

1) Place a credit freeze

A credit freeze prevents lenders from opening new accounts in your name without your approval. It’s free and can be placed with Equifax, Experian, and TransUnion. This is one of the strongest protections you can put in place after an SSN exposure. You can temporarily lift it if you need to apply for credit.

2) Monitor your credit reports regularly

You’re entitled to free credit reports from all three major bureaus. Look for unfamiliar accounts, credit inquiries, or address changes. Early detection makes it much easier to shut down fraud before it snowballs.

3) Use a password manager

If attackers obtained personal details like your name and email, they may try credential-stuffing attacks against your other accounts. A password manager creates strong, unique passwords for every account, so one breach does not unlock everything else. Many password managers also include breach alerts if your credentials show up in known leaks. Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

4) Secure your email account first

Your email account is the gateway to nearly everything. Protect it with a strong password and two-factor authentication (2FA). Review recovery settings and recent login activity to make sure nothing has been altered.

5) Enable two-factor authentication everywhere possible

Two-factor authentication (2FA) adds another barrier, even if someone has your password. Use an authenticator app rather than SMS whenever possible for stronger protection.

6) Install strong antivirus software

Strong antivirus software can help block malicious links, phishing attempts, and ransomware. After a major breach, scammers often target victims with follow-up attacks pretending to offer help or compensation. Security software adds another layer of protection.

7) Consider identity theft protection

Identity theft services monitor your Social Security number, financial accounts, and even dark web marketplaces. If your information is misused, they can alert you quickly and help you recover faster. When SSNs are exposed, ongoing monitoring becomes especially important.

8) Reduce your digital footprint with a data removal service

Scammers often combine breach data with personal details found on data broker sites. A data removal service like Incogni works to remove your phone number, address, and other exposed information from hundreds of databases. While no service can erase everything, reducing what’s publicly available makes targeted fraud much harder.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web.

 

 


Kurt’s key takeaway

The Conduent breach highlights a growing risk that many people never see coming. When large government contractors are hit, millions can be affected at once. And because these companies operate behind the scenes, you may not even realize they hold your data. If your information was exposed, taking action now can prevent long-term damage. The sooner you lock things down, the harder it becomes for criminals to profit from your data.

Do you think companies that process government data are doing enough to protect it? Let us know in the comments below.


Copyright 2026 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
