Home / Technology / Ransomware Attack on Government Contractor Exposes Data of 10M+ Americans
Ransomware Attack on Government Contractor Exposes Data of 10M+ Americans
14 Nov
Summary
- Conduent, a major government contractor, hit by 3-month cyberattack
- Hackers stole personal data of over 10 million people across multiple states
- Breach disrupted vital public services like Medicaid, child support, and food assistance
In a significant cybersecurity incident, Conduent, a major government contractor that manages critical public services across the United States, was the target of a data breach that exposed personal information of over 10 million people.
The breach was discovered in January 2025, but hackers had infiltrated Conduent's network as early as October 2024. During this 3-month period, the attackers reportedly stole large amounts of data linked to state-level programs such as Medicaid, child support, food assistance, and toll systems. Conduent, which processes around $85 billion in annual disbursements and handles over 2 billion customer service interactions, supports approximately 100 million residents through various government health and welfare programs.
The breach led to several days of system outages, disrupting vital services in multiple states. For instance, in Wisconsin, parents and beneficiaries were unable to process payments due to the disruption, leaving many struggling to meet obligations related to child support and welfare programs. The SafePay ransomware group later claimed responsibility for the attack, alleging it had stolen 8.5 terabytes of data.
Conduent has confirmed that the stolen data contained significant amounts of personal information, including Social Security numbers, medical records, and health insurance details, from end-users across multiple programs. While the company says there is currently no evidence of the data being published online or on the dark web, the massive theft has long-term implications for identity theft and potential fraud within public benefit systems.
