A ransomware attack on government technology giant Conduent has impacted tens of millions of people across multiple states. Initially reported as a limited incident, the breach now affects at least 15.4 million residents in Texas, 10.5 million in Oregon, and hundreds of thousands in Delaware, Massachusetts, and New Hampshire. Individuals relying on state healthcare programs or government services are at risk.
The cyberattack, which occurred in January 2025, was later claimed by the Safeway ransomware gang. Conduent disclosed the incident in April, months after hackers disrupted its systems. The stolen data includes names, Social Security numbers, medical information, and health insurance details, creating a high risk for identity theft, medical fraud, and targeted scams.
This breach is particularly concerning because it involves deeply sensitive personal and medical information, which cannot be easily replaced. Healthcare data is valuable on the black market for fraudulent insurance claims and financial account openings. Conduent processes data for over 100 million people nationwide, serving state agencies and corporate services.
Conduent expects to complete notifications to affected individuals by early 2026. The company stated it has no evidence of attempted or actual misuse of the affected information or its release on the dark web.
To protect yourself, experts recommend placing a credit freeze, monitoring credit reports regularly, using a password manager, securing email accounts with two-factor authentication, installing strong antivirus software, considering identity theft protection services, and reducing your digital footprint with data removal services.
The Conduent breach underscores the significant risk posed by attacks on large government contractors, potentially affecting millions who may not even realize their data is held by these behind-the-scenes companies. Swift action is crucial to prevent long-term damage.