Data breach at government tech giant Conduent balloons, affecting millions of Americans

A data breach at government tech giant Conduent appears to affect many more people than was first revealed, with the death toll potentially reaching tens of millions of people across the US.

The January 2025 ransomware attack, which shut down Conduent’s operations for several days, is now known to affect at least 15.4 million people in Texas alone, representing about half of the state’s population. Conduent said in October that 4 million people across the state were affected.

Another 10.5 million people are affected across Oregon, according to the state’s attorney general.

Conduent also notified hundreds of thousands of people across Delaware, Massachusetts, New Hampshire and other states, according to data breach notices seen by TechCrunch.

The stolen data includes individuals’ names, Social Security numbers, medical data, and health insurance information.

Conduent is one of the largest government contractors today, handling and processing large amounts of personal and sensitive information on behalf of major corporations, government departments, and many U.S. states. The company says its technology and operational support services reach more than 100 million people in the United States through various government health care programs.

When contacted with several questions about the data breach, Conduent spokesman Sean Collins provided a typical statement that did not address the questions, nor did he answer whether Conduent knew how many individuals were affected by the cyberattack. The spokesman did not say whether the breach affects more than 100 million people.

Collins said the company is working to “conduct a detailed analysis of the affected files to determine what personal information” was captured during the breach, but he did not say how many data breach notifications the company has sent so far.

Little is known about the hack, and the company has revealed few details. Conduent disclosed the cyberattack in April, months after hackers crippled the company’s systems, disrupting government services across the United States.

The Safeway ransomware gang has taken credit for the hack, claiming to have stolen more than 8 terabytes of data.

In a subsequent Securities and Exchange Commission filing, the company said the stolen data sets “contain a significant amount of individuals’ personal information associated with our customers’ end-users,” referring to its corporate and government clients.

Conduent also said it continues to notify individuals whose data was stolen in the breach, and plans to end alerting individuals by early 2026. The company did not provide a more specific timeline.

Do you know more about Conduent Cyber ​​Attack? You can contact Zack Whittaker on Signal via username zackwhittaker.1337 or email: zack.whittaker@techcrunch.com.