A data breach at government tech giant Conduent appears to be affecting far more people than initially disclosed, with the number of victims potentially reaching tens of millions of people across the United States.
The January 2025 ransomware attack, which disrupted Conduent’s operations for several days, is now known to affect at least 15.4 million people in Texas alone, representing roughly half of the state’s population. Conduent said in October that 4 million people across the state were affected.
Another 10.5 million people are affected across Oregon, according to the state attorney general.
Conduent has also notified hundreds of thousands of people across Delaware, Massachusetts, New Hampshire and other states, according to data breach notifications seen by TechCrunch.
The stolen data includes people’s names, social security numbers, medical data and health insurance information.
One of the largest government contractors today, Conduent handles and processes large amounts of personal and sensitive information on behalf of major corporations, government agencies and several US states. The company he says Technology and operational support services reach more than 100 million people in the United States in various government health care programs.
When contacted with several questions about the data breach, Conduent spokesman Sean Collins provided a statement that did not address the questions, nor did he answer whether Conduent knows how many people are affected by the cyberattack. The spokesman did not say whether the breach affects more than 100 million people.
Collins said the company is working to “conduct a detailed analysis of the affected files to identify the personal information” taken in the breach, but did not say how many data breach notifications the company has sent to date.
Little else is known about the breach, and the company has disclosed few details. conduit disclosed the cyber attack in Aprilmonths after hackers took down the company’s systems, which resulted in disruptions to government services across the United States.
The Safeway ransomware gang got credit of the breach, claiming to have stolen over 8 terabytes of data.
In subsequent SEC filingthe company said the stolen data sets “contained a significant amount of personal information of individuals associated with our customers’ end users,” referring to its corporate and government customers.
Conduent also said it continues to notify people whose data was stolen in the breach and plans to finish notifying people by early 2026. The company did not provide a more specific timeline.
Do you know more about the Conduent cyber attack? Zack Whittaker can be reached at Signal via the username zackwhittaker.1337 or by email: zack.whittaker@techcrunch.com.
