Conduent data breach grows, affecting at least 25M people
Source: TechCrunch
Overview
The spillover from a ransomware attack on one of the largest U.S. government contractors continues to grow. More than 25 million people have now had personal data stolen in the hack.
Conduent provides printing, mailroom services, and document and payment processing for state government benefit operations (e.g., food assistance) as well as workplace and unemployment benefits for large corporations. The company’s technology and operational support services reach more than 100 million people【https://www.news.conduent.com/how-government-agencies-and-their-customers-can-navigate-change】.
Since the January 2025 cyberattack—claimed by a ransomware group—Conduent has offered limited information about the breach, including its cause and the exact number of affected individuals.
An update to the Wisconsin Department of Children and Families data‑breach notification page now shows the Conduent breach affects at least 25 million people across the United States【https://datcp.wi.gov/Pages/Programs_Services/DataBreaches.aspx】.
TechCrunch’s tally from various breach‑notification letters also totals about 25 million affected, with the majority in:
- Oregon – 10.5 million
- Texas – 15.4 million
Additional notices cover a few hundred thousand individuals in Massachusetts, New Hampshire, and Washington.
Impact
The breach compromised the following personal information:
- Names
- Dates of birth
- Addresses
- Social Security numbers
- Health‑insurance information
- Medical data
Conduent’s communications have been limited, and in some cases the company has made it harder for affected individuals to learn about the breach.
Incident Notice and Company Response
A page on Conduet’s website titled “Incident Notice” (published October 2025 alongside the first breach notification) does not explicitly mention a cybersecurity incident. The page includes a hidden noindex tag, instructing search engines not to list it, which hampers discoverability【https://www.conduent.com/notice-steps-you-can-take-2025/】.
When contacted, Conduent spokesperson Sean Collins declined to disclose how many notifications have been sent or why the incident notice is hidden from search results.
Comparison to Other Breaches
Conduent’s breach has been billed as one of the “largest ever,” but it likely trails behind the Change Healthcare hack, which affected more than 190 million people【https://techcrunch.com/2025/01/27/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/】. That attack involved a Russian‑speaking ransomware gang stealing extensive health and medical data via a stolen credential that lacked multi‑factor authentication, leading the healthcare tech giant to pay at least two ransoms to keep most of the data off the internet【https://techcrunch.com/2024/04/15/change-healthcare-stolen-patient-data-ransomhub-leak/】.