The ransomware attack on one of America’s largest government contractors continues to grow, with more than 25 million people now having their personal data stolen in the hack.
Conduent provides printing, mailroom services, document and payment processing services for state government benefits programs such as food assistance, as well as workplace benefits and unemployment benefits for large corporations. As a result, the company handles large amounts of personal information from a wide range of people in the United States. Conduent says its technology and operational support services serve more than 100 million people.
But since the January 2025 cyberattack that a ransomware group claimed was behind it, the giant company has said little about the data breach, including how it was triggered and how many people were affected.
An update to Wisconsin’s data breach notification page shows the Conduent breach affects at least 25 million people nationwide.
TechCrunch’s ongoing tally from the various data breach notification letters we’ve seen to date also totals approximately 25 million people, with Oregon (10.5 million) and Texas (15.4 million) accounting for the majority of those affected. Other data breach notifications seen by TechCrunch involve hundreds of thousands of additional individuals in Massachusetts, New Hampshire, and Washington states.
The breach is known to have compromised individuals’ names, dates of birth, addresses, social security numbers, health insurance information, and medical data.
Conduent says little beyond data breach notifications, and in some cases makes it more difficult for affected individuals to learn about the breach.
tech crunch event
boston, massachusetts
|
June 9, 2026
A page titled “Incident Notification” on Conduent’s website, published in October 2025 at the same time as the first data breach notification, does not explicitly mention the cybersecurity incident. The page’s source code contains a hidden “noindex” tag that tells search engines not to show the page in search results, making it difficult for people searching the web to find it.
In an interview with TechCrunch, Conduent spokesperson Sean Collins declined to say how many notifications the company has sent or why the company hides incident notifications from search engines.
The Conduent breach, described as one of the “largest in history,” is likely to follow in the footsteps of the Change Healthcare hack in February 2024, when a ransomware attack affected more than 190 million people. A Russian-speaking ransomware group stole large amounts of health and medical data from Change Healthcare using stolen credentials not protected by multi-factor authentication, and the healthcare tech giant is demanding a ransom of at least $2 to keep most of the stolen data off the internet.
Source link
