A data breach that impacted a major government tech contractor is now believed to be significantly larger than initially thought, with more than 25 million Americans affected.
Conduent, a business technology firm that provides a variety of services like medical billing, toll transactions and processing prepaid cards for government programs, experienced a data breach that began in October 2024 and was mitigated in January 2025.
Last October, the company began informing consumers who were affected by the breach, which was believed to have affected more than 10 million people who had their names, Social Security numbers and medical information exposed.
Newly released data breach reports have pushed the number of people affected in Texas to at least 15.4 million, up from an earlier estimate of 4 million that was released in October, according to a report by TechCrunch.
10M AMERICANS HIT IN GOVERNMENT CONTRACTOR DATA BREACH
Additionally, the Oregon attorney general said over 10 million people were affected by the breach, and Conduent has reached out to “hundreds of thousands” of people in Delaware, Massachusetts, New Hampshire and other states, according to TechCrunch’s review of breach notifications.
A ransomware group known as SafePay took responsibility for the Conduent data breach and claimed to have stolen over 8 terabytes of data over the course of the intrusion.
CHINA BANS US AND ISRAELI CYBERSECURITY FIRMS OVER NATIONAL SECURITY CONCERNS: REPORT
| Ticker | Security | Last | Change | Change % |
|---|---|---|---|---|
| CNDT | CONDUENT INC | 1.48 | -0.02 | -1.33% |
Conduent said in a filing with the Securities and Exchange Commission (SEC) last fall that its investigation of the breach “confirmed that the data sets contained a significant number of individuals’ personal information associated with our clients’ end-users,” and it notified its government and private sector clients about the affected end users.
The company added in the Sept. 30, 2025, filing that it’s working with clients on the next steps required by federal and state law “including individual and regulatory notifications that began in October 2025 and are expected to be concluded by early 2026.”
TEXAS GOV ABBOTT ADDS POPULAR CHINESE ELECTRONICS, ONLINE SHOPPING COMPANIES TO ‘PROHIBITED’ TECH LIST
In a statement provided to FOX Business, Conduent said that, “Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.”
The company said in its statement that “given the nature and complexity of the data involved, Conduent worked diligently with a dedicated review team, including internal and external experts, and conducted a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process.”
“Both Conduent and our third-party experts monitor the dark web regularly and have no evidence of any personal information being released on the dark web,” the statement noted.
Read the full article here