Conduent, a major government contractor, has disclosed a significant data breach that has impacted over 10 million Americans. The incident, which the company discovered in January 2025, involved unauthorized access to its systems for nearly three months. Hackers reportedly stole personal information related to state-level programs including Medicaid, child support, food assistance, and toll systems.
The breach initially went unnoticed until Conduent’s internal investigation uncovered the intrusion, which experts believe started as early as October 21, 2024. The company noted that while operations were successfully restored, the incident raises significant concerns about the security of sensitive data managed by government contractors. Conduent, which processes over $85 billion in annual disbursements for U.S. states, emphasized that there is currently no evidence the stolen data has been made publicly available.
The SafePay ransomware group claimed responsibility for the breach, alleging they stole nearly 8.5 terabytes of data. The company confirmed that while some data was exfiltrated, the scale and nature of the breach have prompted ongoing cybersecurity assessments. Conduent has partnered with experts to analyze the stolen information, which includes personal details from multiple government programs. The company has initiated a dedicated response, including notification efforts and a call center, to assist affected individuals.
While the extent of the breach’s impact continues to unfold, the incident serves as a stark reminder of the potential risks associated with data management in critical public services. As Conduent and its government partners work to enhance cybersecurity measures, the long-term implications of such breaches remain a pressing concern for both private and public sectors.