- The Conduent breach is far larger than first reported, now affecting tens of millions across multiple US states
- Data includes names, SSNs, medical and insurance information; Texas alone counts 15.4 million victims, Oregon over 10 million
- Ransomware group SafePay claimed responsibility, saying it stole 8.5TB of data, though Conduent remains silent beyond boilerplate statements
The latest data breach at Conduent now appears to have been much larger than first thought, affecting tens of thousands of people.
Conduent is a large government contractor working with more than 600 government entities globally, including those at the state, local and federal levels. It also serves a majority of Fortune 100 companies and handles transport and payment systems at scale. In fact, it claims to support “6 of the 10 largest US toll systems” via toll transaction processing infrastructure.
In late October 2025, it confirmed that they suffered a data breach in January of that year, saying that the initial investigation placed the number of people affected at around four million. The stolen data included people’s names, social security numbers, medical data and health insurance information. However, the stolen data varies from person to person.
Half of Texas affected
At the time, reports looked into the stolen data and claimed more than 10 million people were affected, and while they were closer than what Conduent said, it still apparently missed the mark.
New TechCrunch reporting claims that in Texas alone, 15.4 million people are affected, which is approximately half of the state’s total population. According to the Oregon Attorney General’s Office, this state counts more than 10 million affected. In addition, Conduent apparently reached “hundreds of thousands” of people in Delaware, Massachusetts, New Hampshire and other states.
The company itself does not make statements other than the boilerplate that it sends to the press. Therefore, it does not yet say exactly how many people are actually affected.
A ransomware operation known as SafePay claimed responsibility for this attack, saying it stole 8.5 TB of data. SafePay is not as popular as LockBit or RansomHub, but it hit a few prominent names, including Ingram Micro.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
