Massive Data Breach at Conduent
Conduent Business Services, a major player in government technology solutions, is grappling with an extensive data breach that has compromised the personal information of millions. The breach, which occurred between late 2024 and early 2025, has been attributed to unauthorized access by a third party, leading to the exfiltration of sensitive data. The incident has been described as one of the most significant data breaches in the United States, affecting tens of millions of individuals.
The breach was initially made public through an SEC filing by Conduent in April 2025. Reports indicate that at least 15.4 million individuals in Texas alone were impacted, with additional reports from Oregon and other states increasing the estimated total to over 25 million. These numbers place the breach among the largest in healthcare and government data sectors, though still below the 2024 Change Healthcare breach.
Ransomware Group Takes Responsibility
The Safepay ransomware group has claimed responsibility for the cyberattack on Conduent, announcing the theft of over 8 terabytes of data. The stolen information includes names, Social Security numbers, addresses, medical histories, and health insurance details. Conduent has acknowledged the unauthorized data access but has not confirmed the full extent of the data stolen as claimed by the group.
The cyber intrusion lasted from October 21, 2024, to January 13, 2025, when Conduent discovered the breach. The company quickly worked with forensic experts to contain the incident and restore services. Despite the seriousness of the breach, Conduent has reported no evidence of data misuse or public release on the dark web as of yet.
Impact and Response
Following the breach, Conduent has begun notifying affected individuals, with notifications expected to be completed by mid-April 2026. The company has faced significant costs related to the breach response, estimated at around $25 million, and is working with clients on regulatory compliance and further notifications.
Texas Attorney General Ken Paxton has launched an investigation into the breach, considering it potentially one of the largest healthcare data breaches in U.S. history. Conduent continues to emphasize the importance of vigilance among affected individuals, urging them to monitor credit reports, utilize strong passwords, and be cautious of phishing attempts.
Recommendations for Affected Individuals
Conduent has provided guidance for those impacted by the breach to safeguard against identity theft. Recommendations include monitoring financial accounts for unusual activity, placing fraud alerts or credit freezes, and maintaining robust security practices online. The company has also set up a dedicated call center for inquiries related to the breach.
This incident underscores the vulnerabilities inherent in third-party service providers handling sensitive government and healthcare data. As investigations proceed, the full extent of the breach and its implications are expected to become clearer. For ongoing updates, affected individuals are advised to check official state attorney general portals or contact Conduent directly.
