- Conduent breach far larger than first reported, now affecting tens of millions across multiple US states
- Data includes names, SSNs, medical and insurance details; Texas alone counts 15.4m victims, Oregon over 10m
- Ransomware group SafePay claimed responsibility, saying it stole 8.5TB of data, though Conduent remains silent beyond boilerplate statements
The recent data breach at Conduent now appears to have been a lot bigger than initially thought, affecting tens of millions of people.
Conduent is a major government contractor that works with more than 600 government entities globally, including those on state, local, and federal levels. It also serves a majority of the Fortune 100 companies and handles large-scale transportation and tolling systems. In fact, it claims to support “6 of the 10 largest US toll systems” via toll-transaction processing infrastructure.
In late October 2025, it confirmed suffering a data breach in January that year, and said that initial investigation placed the number of affected individuals at around four million. The stolen data included people’s names, Social Security numbers, medical data, and health insurance information. However, the data stolen varies from person to person.
Half of Texas affected
At the time, reports examined the stolen data and claimed more than 10 million people were affected and, while closer than what Conduent was saying, it still seemingly missed the mark.
New TechCrunch reporting claims that in Texas alone, 15.4 million people are affected, which is approximately half of the state’s entire population. As per the Oregon Attorney General’s Office, that state counts more than 10 million affected. Furthermore, Conduent apparently reached out to “hundreds of thousands” of people in Delaware, Massachusetts, New Hampshire, and other states.
"As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident," Conduent told TechRadar Pro in a statement.
"With respect to that incident, Conduent has agreed to send notification letters, on behalf of its clients, to individuals whose personal information may have been affected by this incident. Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.
Upon discovery of the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensics experts. In addition, given the nature and complexity of the data involved, Conduent worked diligently with a dedicated review team, including internal and external experts, and conducted a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process.
Both Conduent and our third-party experts monitor the dark web regularly and have no evidence of any personal information being released on the dark web.
Rest assured, we have followed all of the right protocols and have assured our clients that we have secured the necessary data. Conduent has been working with law enforcement and takes this matter seriously. We regret any inconvenience this incident may have caused."
A ransomware operation known as SafePay assumed responsibility for this attack, saying it stole 8.5 TB of data. SafePay is not as popular as LockBit or RansomHub, but it did strike a few prominent names, including Ingram Micro.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
