The data breach at government technology giant Conduent appears to have affected far more people than initially revealed, with the number of victims potentially reaching tens of millions across the United States.
A ransomware attack in January 2025 that shut down Conduent’s operations for several days is now known to have affected at least 15.4 million people in Texas alone, roughly half the state’s population. Conduent announced in October that 4 million people were affected across the state.
An additional 10.5 million people are affected across Oregon, according to the state attorney general.
Conduent has also notified hundreds of thousands of people in Delaware, Massachusetts, New Hampshire and other states, according to data breach notifications seen by TechCrunch.
Stolen data includes individuals’ names, social security numbers, medical data, and health insurance information.
One of today’s largest government contractors, Conduent handles and processes large amounts of personal and sensitive information on behalf of large corporations, government departments, and several U.S. states. The company says its technology and operational support services are provided to more than 100 million people in the United States through various government health programs.
When asked several questions about the data breach, Conduent spokesperson Sean Collins did not answer the questions or say whether Conduent knew how many individuals were affected by the cyberattack. The spokesperson did not say whether the breach affected more than 100 million people.
Collins said the company is working on “conducting a detailed analysis of the affected files to identify the personal information” exposed in the breach, but declined to say how many data breach notifications the company has sent so far.
Little else is known about the breach, and the company has released few details. Conduent disclosed the cyberattack in April, months after hackers destroyed its systems and shut down government services across the United States.
The Safeway ransomware gang took responsibility for the breach and claimed to have stolen over 8 terabytes of data.
In a subsequent SEC filing, the company said the stolen data sets “included a significant amount of personal information related to our customers’ end users,” referring to its corporate and government customers.
Conduent also said it is continuing to notify individuals whose data was stolen in the breach and plans to end notifying individuals by early 2026. The company did not provide a more specific schedule.
Want to know more about the Conduent cyberattack? Signal’s Zack Whittaker can be reached at username zackwhittaker.1337 or by email at zack.whittaker@techcrunch.com.
Source link
