The fallout from a ransomware attack on one of the largest government contractors in the United States continues to grow: More than 25 million people have now had personal data stolen in the hack.
Conduent provides printing, mail and document processing and payment services for federal government benefits such as food assistance, as well as workplace and unemployment benefits for large corporations. Therefore, the company handles a large amount of personal information belonging to a large part of the United States. conduit he says Its technology and operational support services reach more than 100 million people.
But since the January 2025 cyberattack, which a ransomware group took credit for, the corporate giant has said little about the data breach, such as how it was caused and how many people are affected.
An update on the status of the Wisconsin data breach notification page; now shows that the Conduent breach affects at least 25 million people across the United States.
TechCrunch’s running tally of various data breach notification letters we’ve seen also stands at around 25 million people, with Oregon (10.5 million) and Texas (15.4 million) representing the majority of those affected. Other data breach notices spotted by TechCrunch include another few hundred thousand people in Massachusetts, New Hampshire and Washington.
The breach is known to have compromised people’s names, dates of birth, addresses, social security numbers, health insurance information and medical data.
Conduent has said little outside of data breach notifications and in some cases has made it harder for affected people to learn about the breach.
Techcrunch event
Boston, MA
|
June 9, 2026
A page on Conduent’s website, titled “Incident Notification” published in October 2025 at the same time as the first data breach notification, does not specifically mention a cybersecurity incident. The page contains a hidden “noindex” tag in its source code, which tells search engines not to list the page in search results, making it difficult for anyone searching the web to find it.
When reached by TechCrunch, Conduent spokesman Sean Collins would not say how many notifications the company has sent to date or why the company hides the incident notification from search engines.
The Conduent breach has been described as one of the “biggest ever,” but likely traces back to the Change Healthcare hack, which affected more than 190 million people after a ransomware attack in February 2024. A Russian-language ransomware gang stole reams of health and medical data from Change-Clevertred authentication, prompting the healthcare tech giant to pay at least two ransom to keep most of the stolen data off the Internet.
