What began as a ransomware attack on a major government technology company has now grown into one of the largest data breaches in recent history. According to Fox News, at least 25.9 million Americans are confirmed to be affected so far, and officials warn the final number could rise much higher.
The attack hit Conduent, a government technology giant that handles sensitive personal and health data for federal and state agencies. The breach happened in January 2025 and briefly shut down parts of the company’s operations. At first, it appeared that about 4 million people in Texas were affected. That number has since exploded.
Conduent data breach grows into one of the biggest ever
The company is one of the largest government contractors in the country. It processes personal and sensitive data for corporations, federal agencies, and state governments. According to its own public materials, Conduent’s systems reach more than 100 million Americans, mainly through government healthcare programs. That is nearly one in three people in the United States.
When TechCrunch pressed Conduent for details, company spokesperson Sean Collins declined to say how many people were affected in total or how many notifications have already been sent. Instead, Collins provided a brief statement, saying the company is conducting a “detailed analysis of the affected files.”
When Conduent first disclosed the breach last October, the company said more than 10 million people were affected. The exposed data included names, Social Security numbers, and medical information. However, newly released data breach filings show the real impact is far greater.
According to a report by TechCrunch, Texas alone had 15.4 million residents affected, nearly half the state’s population. That is a massive jump from the 4 million figure shared earlier. In Oregon, the attorney general confirmed that 10.5 million people were impacted. On top of that, hundreds of thousands of residents in Delaware, Massachusetts, New Hampshire, and several other states have also received breach notices.
Together, these numbers push the confirmed total to at least 25.9 million people, making this one of the largest government-related data breaches ever reported.
What Conduent told regulators
In a filing with the US Securities and Exchange Commission (SEC) last fall, Conduent confirmed the seriousness of the breach. In another filing dated September 30, 2025, the company said it was working with clients to meet federal and state legal requirements.
Conduent has acknowledged that the stolen data includes names, Social Security numbers, medical information, and health insurance details. This is the sort of data that can be used for identity theft, medical fraud, and financial scams for years to come. And officials warn that this may not be the full list.
A ransomware gang known as Safeway claimed responsibility for the breach. The group said it stole more than 8 terabytes of data from Conduent’s systems. That amount of data can hold millions of personal records, each packed with information that can be pieced together to steal someone’s identity.
In a statement shared with Fox Business, Conduent said it is continuing to notify affected consumers. “Working in conjunction with our clients, we expect to send out all of the consumer notifications by April 15. In addition, a dedicated call center has been set up to address consumer inquiries,” the company said.
Conduent also stressed that it has not seen any signs that the stolen data has been misused. “At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident,” the statement said.