Conduent data breach grows, affecting at least 25M people
#Conduent #data breach #ransomware attack #cybersecurity #personal information #government contractor #data privacy #transparency
📌 Key Takeaways
- At least 25 million people affected by Conduent data breach
- Ransomware attack in January 2025 compromised sensitive personal information
- Conduent has shown limited transparency about the breach
- Company hid incident notice from search engines using 'noindex' tag
- Oregon and Texas were most severely impacted states
📖 Full Retelling
A ransomware attack on government contractor giant Conduent in January 2025 has resulted in a massive data breach affecting at least 25 million people across the United States, as the company provides critical services for state government benefit operations and corporate workplace benefits, handling vast amounts of personal information that has now been compromised by hackers. Conduent, which offers printing, mailroom services, and document and payment processing for government benefit programs including food assistance, unemployment benefits, and workplace benefits for large corporations, serves more than 100 million people through its technology and operational support services. The breach, which a ransomware group has claimed credit for, has prompted Conduent to send data breach notifications to affected individuals, though the company has provided limited information about how the attack occurred or the full extent of the impact. According to updates on state data breach notification pages and reports from TechCrunch, Oregon and Texas have been the hardest hit, with 10.5 million and 15.4 million affected individuals respectively, while Massachusetts, New Hampshire, and Washington report several hundred thousand more cases. The compromised data includes highly sensitive personal information such as names, dates of birth, addresses, Social Security numbers, health insurance information, and medical data. Despite the scale of the breach, Conduent has maintained a concerning lack of transparency. The company's 'Incident Notice' page, published in October 2025 alongside its first breach notification, does not explicitly mention a cybersecurity incident and contains a hidden 'noindex' tag in its source code, instructing search engines not to list the page. This deliberate obfuscation makes it difficult for affected individuals to easily find information about the breach. When questioned by TechCrunch, Conduent spokesperson Sean Collins refused to disclose how many notifications have been sent or why the company is hiding its incident notice from search results. While this breach is being described as one of the largest ever, it still trails behind the Change Healthcare hack in February 2024, which affected over 190 million people following a similar ransomware attack.
🏷️ Themes
Cybersecurity, Data privacy, Government contracting, Corporate transparency
📚 Related People & Topics
Conduent
American technology services company
Conduent Inc. is an American business services provider company headquartered in Florham Park, New Jersey. It was formed in 2017 as a divestiture from Xerox.
Entity Intersection Graph
No entity connections available yet for this article.
Original Source
The spillover from a ransomware attack on one of the largest government contractors in the United States keeps getting bigger : more than 25 million people have now had personal data stolen in the hack. Conduent provides printing, mailroom services, and document and payment processing services for state government benefit operations, such as food assistance, as well as workplace and unemployment benefits for large corporations. As such, the company handles a large amount of personal information belonging to a large swath of the United States. Conduent says its technology and operational support services reach more than 100 million people. But since the January 2025 cyberattack attack, which a ransomware group claimed credit for, the corporate giant has said little about the data breach, such as how it was caused and how many people are affected. An update to the state of Wisconsin’s data breach notification page now shows the Conduent breach affects at least 25 million people across the United States. TechCrunch’s ongoing tally from various data breach notification letters that we have seen also amounts to about 25 million people, with Oregon (10.5 million) and Texas (15.4 million) accounting for the majority of those affected. Other data breach notices seen by TechCrunch include another few hundred thousand individuals across Massachusetts, New Hampshire and Washington. The breach is known to have compromised individuals’ names, dates of birth, addresses, Social Security numbers, health insurance information, and medical data. Conduent has said little outside of its data breach notifications, and in some cases has made it more difficult for affected individuals to learn about the breach. Techcrunch event Save up to $300 or 30% to TechCrunch Founder Summit 1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Co...
Read full article at source