Conduent, a leading U.S. government contractor, has disclosed a major data breach that affected over 10 million individuals, exposing personal information linked to critical state programs such as Medicaid, child support, and food assistance. The breach, which lasted nearly three months, was attributed to the SafePay ransomware group, which claimed to have stolen 8.5 terabytes of data. Conduent discovered the unauthorized access in January 2025 and stated that operations were restored following the incident. However, the breach has raised significant concerns about cybersecurity in the public sector, highlighting the risks associated with handling sensitive information for government agencies.
The breach impacted several states, including Texas, Washington, South Carolina, New Hampshire, Maine, Oregon, Massachusetts, and California. Affected individuals have been notified, and Conduent has set up a dedicated call center to assist with inquiries. Despite the theft of vast amounts of data, the company asserts there is no evidence the stolen information has been published online or in dark web marketplaces. This incident has also led to increased scrutiny of data brokers and the cybersecurity measures needed to protect critical public systems.
While Conduent has taken steps to secure its networks and restore systems, the breach underscores the challenges of ensuring data protection within government contractors. The company has been working with cybersecurity experts to analyze the stolen data, and the incident has led to ongoing discussions about the need for stricter cybersecurity regulations. As the company continues to address the breach, the implications for public trust and long-term reforms in cybersecurity remain under close examination.
The breach also highlights the broader implications of data security in the public sector. With the increasing reliance on digital systems for critical services, the risk of cyberattacks grows, particularly for organizations that handle sensitive personal and financial data. The incident has prompted calls for enhanced oversight and the implementation of more robust cybersecurity measures to prevent similar breaches in the future. As the cybersecurity landscape evolves, the responsibility to protect personal data and ensure the integrity of public services remains a critical challenge for both private contractors and government entities.