Conduent data breach hits millions across multiple states

A ransomware attack on government technology giant Conduent is turning out to be far bigger than first reported. What initially sounded like a limited incident now appears to affect tens of millions of people across multiple states. In Texas alone, at least 15.4 million residents may have had their data exposed. Oregon has reported another 10.5 million affected individuals. And notifications have also gone out to hundreds of thousands of people in states like Delaware, Massachusetts, and New Hampshire. If you rely on state healthcare programs or government services, your data could be part of this breach.

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

The cyberattack happened in January 2025 and was later claimed by the Safeway ransomware gang, which says it stole more than 8 terabytes of data. Conduent first disclosed the incident publicly in April, months after hackers disrupted its systems and caused outages to government services across the country.

The company initially said about 4 million people in Texas were affected. That number has since jumped to 15.4 million, nearly half the state's population. Oregon's attorney general reported another 10.5 million impacted residents. Combined with other states issuing notifications, the total could reach into the dozens of millions.

The stolen data includes names, Social Security numbers, medical information, and health insurance details. That combination is particularly dangerous because it can be used for identity theft, medical fraud, and highly targeted scams.

Conduent processes data for large corporations, state agencies, and government healthcare programs. The company says its systems support services for more than 100 million people nationwide. However, it has not confirmed whether the breach affects that many individuals.

In a filing with the SEC, Conduent acknowledged that the stolen data included a "significant number" of individuals’ personal information tied to its clients’ end users, meaning people who rely on government agencies and corporate services powered by the company.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN

Why this breach is especially concerning

Unlike a retail breach, where credit card data might be exposed, this incident involves deeply sensitive personal and medical information. Social Security numbers and health records are long-term identifiers. You cannot simply cancel or replace them like a debit card.

Healthcare-related data is especially valuable on the black market because it can be used to file fraudulent insurance claims, obtain prescription drugs, or open financial accounts. And because Conduent works behind the scenes for state agencies, many people may not even realize their data was stored by the company in the first place.

Conduent said it is still in the process of notifying affected individuals and expects to complete those notifications by early 2026. The company did not provide a clearer timeline or confirm how many total people will ultimately be alerted. Many people could be waiting months before knowing whether their information was compromised.

We reached out to Conduent for comment, and a company spokesperson provided CyberGuy with the following statement:

"As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. With respect to that incident, Conduent has agreed to send notification letters, on behalf of its clients, to individuals whose personal information may have been affected by this incident. Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.

"Upon discovery of the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensics experts. In addition, given the nature and complexity of the data involved, Conduent worked diligently with a dedicated review team, including internal and external experts, and conducted a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process.

"Both Conduent and our third-party experts monitor the dark web regularly and have no evidence of any personal information being released on the dark web.

"Rest assured, we have followed all of the right protocols and have assured our clients that we have secured the necessary data. Conduent has been working with law enforcement and takes this matter seriously. We regret any inconvenience this incident may have caused."

To check if your information was sold on the dark web, you can go to haveibeenpwned.com and enter your email address into the search bar. The website will search to see what data of yours is out there and display if there were data breaches associated with your email address on various sites.

If you find your data is out on the web, remove it with a data removal service. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

When a breach involves Social Security numbers and medical data, you need to think long term. Here's what you should do.

A credit freeze prevents lenders from opening new accounts in your name without your approval. It's free and can be placed with Equifax, Experian, and TransUnion. This is one of the strongest protections you can put in place after an SSN exposure. You can temporarily lift it if you need to apply for credit.

You're entitled to free credit reports from all three major bureaus. Look for unfamiliar accounts, credit inquiries, or address changes. Early detection makes it much easier to shut down fraud before it snowballs.

If attackers obtained personal details like your name and email, they may try credential-stuffing attacks against your other accounts. A password manager creates strong, unique passwords for every account, so one breach does not unlock everything else. Many password managers also include breach alerts if your credentials show up in known leaks.

Also, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

Your email account is the gateway to nearly everything. Protect it with a strong password and two-factor authentication. Review recovery settings and recent login activity to make sure nothing has been altered.

Two-factor authentication (2FA) adds another barrier, even if someone has your password. Use an authenticator app rather than SMS whenever possible for stronger protection.

Strong antivirus software can help block malicious links, phishing attempts, and ransomware. After a major breach, scammers often target victims with follow-up attacks pretending to offer help or compensation. Security software adds another layer of protection.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

Identity theft services monitor your Social Security number, financial accounts, and even dark web marketplaces. If your information is misused, they can alert you quickly and help you recover faster. When SSNs are exposed, ongoing monitoring becomes especially important.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

Scammers often combine breach data with personal details found on data broker sites. A data removal service works to remove your phone number, address, and other exposed information from hundreds of databases. While no service can erase everything, reducing what's publicly available makes targeted fraud much harder.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

The Conduent breach highlights a growing risk that many people never see coming. When large government contractors are hit, millions can be affected at once. And because these companies operate behind the scenes, you may not even realize they hold your data. If your information was exposed, taking action now can prevent long-term damage. The sooner you lock things down, the harder it becomes for criminals to profit from your data.

Do you think companies that process government data are doing enough to protect it? Let us know your thoughts by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.