Conduent data breach hits millions across multiple states

A ransomware onslaught connected authorities exertion elephantine Conduent is turning retired to beryllium acold bigger than archetypal reported. What initially sounded similar a constricted incidental present appears to impact tens of millions of radical crossed aggregate states. In Texas alone, astatine slightest 15.4 cardinal residents whitethorn person had their information exposed. Oregon has reported different 10.5 cardinal affected individuals. And notifications person besides gone retired to hundreds of thousands of radical successful states similar Delaware, Massachusetts and New Hampshire. If you trust connected authorities healthcare programs oregon authorities services, your information could beryllium portion of this breach.

Sign up for my FREE CyberGuy ReportGet my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter

What we cognize astir the breach truthful far

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

What started arsenic a "limited" ransomware incidental present appears to interaction tens of millions of radical crossed aggregate states. (Sebastian Kahnert/picture confederation via Getty Images)

The cyberattack happened successful January 2025 and was aboriginal claimed by the Safeway ransomware gang, which says it stole much than 8 terabytes of data. Conduent archetypal disclosed the incidental publically successful April, months aft hackers disrupted its systems and caused outages to authorities services crossed the country.

The institution initially said astir 4 cardinal radical successful Texas were affected. That fig has since jumped to 15.4 million, astir fractional the state's population. Oregon's lawyer wide reported different 10.5 cardinal impacted residents. Combined with different states issuing notifications, the full could scope into the dozens of millions.

The stolen information includes names, Social Security numbers, aesculapian information, and wellness security details. That operation is peculiarly unsafe due to the fact that it tin beryllium utilized for individuality theft, aesculapian fraud, and highly targeted scams.

Conduent processes information for ample corporations, authorities agencies, and authorities healthcare programs. The institution says its systems enactment services for much than 100 cardinal radical nationwide. However, it has not confirmed whether the breach affects that galore individuals.

In a filing with the SEC, Conduent acknowledged that the stolen information included a "significant number" of individuals’ idiosyncratic accusation tied to its clients’ extremity users, meaning radical who trust connected authorities agencies and firm services powered by the company.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN

Why this breach is particularly concerning

Unlike a retail breach, wherever recognition paper information mightiness beryllium exposed, this incidental involves profoundly delicate idiosyncratic and aesculapian information. Social Security numbers and wellness records are semipermanent identifiers. You cannot simply cancel oregon regenerate them similar a debit card.

Healthcare-related information is particularly invaluable connected the achromatic marketplace due to the fact that it tin beryllium utilized to record fraudulent security claims, get medicine drugs, oregon unfastened fiscal accounts. And due to the fact that Conduent works down the scenes for authorities agencies, galore radical whitethorn not adjacent recognize their information was stored by the institution successful the archetypal place.

Conduent said it is inactive successful the process of notifying affected individuals and expects to implicit those notifications by aboriginal 2026. The institution did not supply a clearer timeline oregon corroborate however galore full radical volition yet beryllium alerted. Many radical could beryllium waiting months earlier knowing whether their accusation was compromised.

Conduent responds to January 2025 information breach

We reached retired to Conduent for comment, and a institution spokesperson provided CyberGuy with the pursuing statement:

"As antecedently disclosed successful its April 2025 Form 8-K filing with the SEC, successful January 2025, Conduent discovered that it was the unfortunate of a cybersecurity incident. With respect to that incident, Conduent has agreed to nonstop notification letters, connected behalf of its clients, to individuals whose idiosyncratic accusation whitethorn person been affected by this incident. Working successful conjunction with our clients, we expect to nonstop retired each of the user notifications by April 15. In addition, a dedicated telephone halfway has been acceptable up to code user inquiries. At this time, Conduent has nary grounds of immoderate attempted oregon existent misuse of immoderate accusation perchance affected by this incident.

"Upon find of the incident, Conduent acted rapidly to unafraid its networks, reconstruct its systems and operations, notify instrumentality enforcement, and behaviour an probe with the assistance of third-party forensics experts. In addition, fixed the quality and complexity of the information involved, Conduent worked diligently with a dedicated reappraisal team, including interior and outer experts, and conducted a elaborate investigation of the affected files to place the idiosyncratic accusation contained therein, which was a time-intensive process.

"Both Conduent and our third-party experts show the acheronian web regularly and person nary grounds of immoderate idiosyncratic accusation being released connected the acheronian web.

"Rest assured, we person followed each of the close protocols and person assured our clients that we person secured the indispensable data. Conduent has been moving with instrumentality enforcement and takes this substance seriously. We regret immoderate inconvenience this incidental whitethorn person caused."

How tin I cheque if my accusation was sold connected the acheronian web?

To cheque if your accusation was sold connected the acheronian web, you tin spell to haveibeenpwned.com and participate your email code into the hunt bar. The website volition hunt to spot what information of yours is retired determination and show if determination were information breaches associated with your email code connected assorted sites.

If you find your information is retired connected the web, region it with a information removal service. Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com

Hackers assertion they stole much than 8 terabytes of data, including Social Security numbers and delicate aesculapian information. (Philip Dulian/picture confederation via Getty Images)

8 steps you tin instrumentality to support yourself aft the Conduent breach

When a breach involves Social Security numbers and aesculapian data, you request to deliberation agelong term. Here's what you should do.

1) Place a recognition freeze

A recognition frost prevents lenders from opening caller accounts successful your sanction without your approval. It's escaped and tin beryllium placed with Equifax, Experian, and TransUnion. This is 1 of the strongest protections you tin enactment successful spot aft an SSN exposure. You tin temporarily assistance it if you request to use for credit.

2) Monitor your recognition reports regularly

You're entitled to escaped recognition reports from each 3 large bureaus. Look for unfamiliar accounts, recognition inquiries, oregon code changes. Early detection makes it overmuch easier to unopen down fraud earlier it snowballs.

3) Use a password manager

If attackers obtained idiosyncratic details similar your sanction and email, they whitethorn effort credential-stuffing attacks against your different accounts. A password manager creates strong, unsocial passwords for each account, truthful 1 breach does not unlock everything else. Many password managers besides see breach alerts if your credentials amusement up successful known leaks.

Also, spot if your email has been exposed successful past breaches. Our #1 password manager (see Cyberguy.com) prime includes a built-in breach scanner that checks whether your email code oregon passwords person appeared successful known leaks. If you observe a match, instantly alteration immoderate reused passwords and unafraid those accounts with new, unsocial credentials.

Check retired the champion expert-reviewed password managers of 2026 astatine Cyberguy.com

4) Secure your email relationship first

Your email relationship is the gateway to astir everything. Protect it with a beardown password and two-factor authentication. Review betterment settings and caller login enactment to marque definite thing has been altered.

5) Enable two-factor authentication everyplace possible

Two-factor authentication (2FA) adds different barrier, adjacent if idiosyncratic has your password. Use an authenticator app alternatively than SMS whenever imaginable for stronger protection.

6) Install beardown antivirus software

Strong antivirus bundle tin assistance artifact malicious links, phishing attempts, and ransomware. After a large breach, scammers often people victims with follow-up attacks pretending to connection assistance oregon compensation. Security bundle adds different furniture of protection.

Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com

7) Consider individuality theft protection

Identity theft services show your Social Security number, fiscal accounts, and adjacent acheronian web marketplaces. If your accusation is misused, they tin alert you rapidly and assistance you retrieve faster. When SSNs are exposed, ongoing monitoring becomes particularly important.

See my tips and champion picks connected however to support yourself from individuality theft astatine Cyberguy.com

8) Reduce your integer footprint with a information removal service

Scammers often harvester breach information with idiosyncratic details recovered connected information broker sites. A information removal work works to region your telephone number, address, and different exposed accusation from hundreds of databases. While nary work tin erase everything, reducing what's publically disposable makes targeted fraud overmuch harder.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com

Because Conduent powers authorities and healthcare services down the scenes, galore affected radical whitethorn not adjacent recognize their information was stored there. (Thomas Trutschel/Photothek via Getty Images)

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com

Kurt's cardinal takeaway

The Conduent breach highlights a increasing hazard that galore radical ne'er spot coming. When ample authorities contractors are hit, millions tin beryllium affected astatine once. And due to the fact that these companies run down the scenes, you whitethorn not adjacent recognize they clasp your data. If your accusation was exposed, taking enactment present tin forestall semipermanent damage. The sooner you fastener things down, the harder it becomes for criminals to nett from your data.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Do you deliberation companies that process authorities information are doing capable to support it? Let america cognize your thoughts by penning to america astatine Cyberguy.com

Sign up for my FREE CyberGuy Report Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide — escaped erstwhile you articulation my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.