A significant ransomware attack on Conduent, a government contractor, has potentially exposed the personal data of millions across several states, raising concerns about identity theft and fraud.
A massive ransomware attack on Conduent, a prominent government technology contractor, has turned out to be far more extensive than initially reported. What began as a limited incident now appears to affect tens of millions of individuals across multiple states, including Texas and Oregon.
In Texas alone, at least 15.4 million residents may have had their personal data compromised. Oregon has reported an additional 10.5 million affected individuals. Notifications have also been sent to hundreds of thousands of people in states such as Delaware, Massachusetts, and New Hampshire. If you rely on state healthcare programs or government services, your data could be part of this breach.
The cyberattack occurred in January 2025 and was later claimed by the Safeway ransomware gang, which asserts that it stole more than 8 terabytes of data. Conduent first disclosed the incident publicly in April, several months after hackers disrupted its systems and caused outages to government services nationwide. Initially, the company estimated that about 4 million people in Texas were affected, but that figure has since risen to 15.4 million, nearly half of the state’s population. Oregon’s attorney general has reported another 10.5 million impacted residents. Combined with notifications from other states, the total number of affected individuals could reach into the dozens of millions.
The stolen data includes sensitive information such as names, Social Security numbers, medical records, and health insurance details. This combination poses a significant risk, as it can be exploited for identity theft, medical fraud, and highly targeted scams.
Conduent processes data for large corporations, state agencies, and government healthcare programs, claiming to support services for over 100 million people nationwide. However, the company has not confirmed whether the breach affects that many individuals.
In a filing with the Securities and Exchange Commission (SEC), Conduent acknowledged that the stolen data included a “significant number” of individuals’ personal information associated with its clients’ end users, meaning those who rely on government agencies and corporate services powered by the company.
Unlike typical retail breaches where credit card information might be compromised, this incident involves deeply sensitive personal and medical information. Social Security numbers and health records are long-term identifiers that cannot simply be canceled or replaced like a debit card.
Healthcare-related data is particularly valuable on the black market, as it can be used to file fraudulent insurance claims, obtain prescription drugs, or open financial accounts. Moreover, because Conduent operates behind the scenes for state agencies, many individuals may not even realize their data was stored by the company.
Conduent has stated that it is still in the process of notifying affected individuals and expects to complete these notifications by early 2026. The company has not provided a clearer timeline or confirmed how many total people will ultimately be alerted. Many individuals could be left waiting months to find out if their information was compromised.
A spokesperson for Conduent provided the following statement: “As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. With respect to that incident, Conduent has agreed to send notification letters, on behalf of its clients, to individuals whose personal information may have been affected by this incident. Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.”
Upon discovering the incident, Conduent acted swiftly to secure its networks, restore its systems and operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensic experts. Given the nature and complexity of the data involved, Conduent worked diligently with a dedicated review team, including internal and external experts, to conduct a detailed analysis of the affected files to identify the personal information contained therein, a process that proved to be time-intensive.
Both Conduent and its third-party experts regularly monitor the dark web and have found no evidence of any personal information being released. The company has assured its clients that it has secured the necessary data and is taking the matter seriously. “We regret any inconvenience this incident may have caused,” the spokesperson added.
Individuals concerned about their data can check if it has been compromised by visiting haveibeenpwned.com, where they can enter their email address to see if their information has been involved in any data breaches.
In light of this breach, experts recommend several precautionary measures. A credit freeze can prevent lenders from opening new accounts in your name without your approval. This service is free and can be placed with Equifax, Experian, and TransUnion. Additionally, individuals are entitled to free credit reports from all three major bureaus, allowing them to monitor for unfamiliar accounts or credit inquiries.
Using a password manager can also enhance security by creating strong, unique passwords for each account, reducing the risk of credential-stuffing attacks. Furthermore, enabling two-factor authentication (2FA) adds an extra layer of protection, making it more difficult for unauthorized users to access accounts.
The Conduent breach underscores a growing risk that many individuals may not anticipate. When large government contractors are targeted, millions can be affected simultaneously. As these companies operate behind the scenes, many may not even realize they hold their data. Taking proactive steps now can help mitigate long-term damage and protect against potential identity theft.
For further information on how to protect yourself from identity theft, visit CyberGuy.com.