Conduent Data Breach Escalates to 15.4 Million Victims in Texas Alone Following January Ransomware Attack
A significant data breach at government technology contractor Conduent has expanded dramatically in scope, potentially impacting tens of millions of Americans nationwide. The incident, stemming from a ransomware attack in January 2025, has revealed a far greater number of affected individuals than initially reported.
According to recent disclosures, the breach has compromised the personal information of at least 15.4 million people in Texas alone, representing approximately half of the state's population. This figure marks a substantial increase from the 4 million Texas residents initially reported as affected in October. Additionally, 10.5 million individuals in Oregon have been impacted, according to the state's attorney general.
Data breach notifications filed across multiple jurisdictions, including Delaware, Massachusetts, and New Hampshire, indicate hundreds of thousands of additional victims. The compromised data includes:
• Full names
• Social Security numbers
• Medical records
• Health insurance information
As one of the largest government technology contractors in the United States, Conduent processes vast quantities of sensitive personal data on behalf of corporate clients, federal agencies, and state governments. The company's infrastructure supports various government healthcare programs, with operational services reaching over 100 million people across the nation.
When contacted for clarification on the breach's total scope, Conduent spokesperson Sean Collins declined to confirm whether the incident affects more than 100 million individuals. The company stated it is conducting a comprehensive analysis of affected files to identify all compromised personal information, but refused to disclose the total number of breach notifications sent to date.
The attack, which disrupted Conduent's operations for several days, was publicly disclosed in an SEC filing in April 2025, months after the initial compromise. The Safeway ransomware gang claimed responsibility for the breach, asserting they exfiltrated over 8 terabytes of data.
In a subsequent SEC filing, Conduent acknowledged that the stolen datasets "contained a significant number of individuals' personal information associated with our clients' end-users." The company indicated it will continue notifying affected individuals, with completion of notifications expected by early 2026, though no specific timeline was provided.
Sources:
Conduent Official Statement
SEC Filing - April 2025
SEC Filing - September 2025
