Government Contractor Conduent Hit by Major Data Breach Affecting 10M Americans
A major data breach at government contractor Conduent has exposed the personal information of over 10 million Americans, sparking widespread concern about the security of critical public services.
The cyberattack, which lasted nearly three months, compromised sensitive data related to Medicaid, child support, food assistance, and toll systems. Conduent disclosed the breach in January 2025, with hackers infiltrating its network as early as October 2024. The company claims operations were safely restored after the breach was contained, but the incident highlights vulnerabilities in the systems managing essential government services. Notifications are being sent to all impacted individuals, and a dedicated call center has been established to address consumer inquiries. The breach has disrupted vital services in multiple states, affecting millions of residents.
According to data brokers, the breach has affected thousands of people in various states, with more than 400,000 people in Texas alone being impacted. The stolen data includes sensitive information such as Social Security numbers, medical records, and health insurance details. Other affected states include Washington, South Carolina, New Hampshire, Maine, Oregon, Massachusetts, and California. Conduent has reported that the stolen data has not yet been published online or sold on dark web marketplaces, but the company has committed to notifying affected individuals and ensuring their data is protected. The breach has raised concerns about the cybersecurity measures of companies handling sensitive government data, particularly in light of the increasing frequency of cyberattacks on critical infrastructure and public services.
The breach was attributed to the SafePay ransomware group, which claimed responsibility for the attack. The group allegedly stole 8.5 terabytes of data, including financial records, medical information, and personal identifiers. Conduent has hired cybersecurity experts to analyze the stolen data and has taken steps to protect customer information. The company has also committed to notifying affected individuals and has set up a dedicated call center to address consumer inquiries. While Conduent claims no misuse of the stolen data has been confirmed, the breach underscores the persistent threat of cyberattacks on critical infrastructure and public services.
The incident has raised questions about the cybersecurity measures of companies handling sensitive government data, particularly in light of the increasing frequency of cyberattacks on critical infrastructure and public services. Conduent has committed to enhancing its cybersecurity protocols to prevent future breaches. The company has also taken steps to improve its data protection measures and has increased transparency in its data handling processes. The breach has highlighted the need for stronger cybersecurity regulations and oversight for government contractors handling sensitive information.
Experts have warned that the breach could have long-term implications for the affected individuals, including the risk of identity theft and financial fraud. While Conduent has taken steps to protect customer data, the company has emphasized the importance of proactive measures to mitigate the risks associated with data breaches. The incident has also prompted discussions about the role of government in ensuring the cybersecurity of critical infrastructure and public services.
As a result of the breach, many individuals have taken steps to protect their personal information, including changing passwords, monitoring their credit reports, and using identity theft protection services. The incident has also raised awareness about the importance of cybersecurity in the public sector, particularly for companies handling sensitive government data. While Conduent has taken steps to address the breach, the incident serves as a stark reminder of the vulnerability of critical infrastructure and the need for robust cybersecurity measures to prevent future attacks.