Millions More Data Records Exposed in Major Breach

A ransomware attack on government technology provider Conduent, which occurred in January 2025, is now known to affect tens of millions of individuals across several states. What was initially reported as a limited incident has escalated, with at least 15.4 million Texas residents and 10.5 million Oregon residents confirmed as impacted. Hundreds of thousands more in Delaware, Massachusetts, and New Hampshire have also received notifications.

The Safeway ransomware gang claimed responsibility, stating they stole over 8 terabytes of data. This sensitive information includes names, Social Security numbers, medical histories, and health insurance details, making it highly valuable for identity theft, medical fraud, and targeted scams. Conduent, which supports services for over 100 million people nationwide, is in the process of notifying affected individuals, with notifications expected to be completed by April 15, 2026.

Unlike breaches involving credit card data, this incident exposed long-term identifiers that cannot be easily replaced. Healthcare data, in particular, is sought after on the black market for fraudulent insurance claims and obtaining prescription drugs. Many individuals may be unaware that Conduent processed their data, as the company works behind the scenes for various state agencies and corporations.

Conduent has stated it has no evidence of misuse or release of the compromised information on the dark web. The company is working with law enforcement and has established a dedicated call center for inquiries. Affected individuals are advised to take protective measures such as credit freezes, reviewing credit reports, using password managers, and enabling two-factor authentication to safeguard against potential misuse of their data.