- Hackers targeted Conduent, exposing sensitive data of at least 25 million Americans, including 15.4 million Texans.
- The SafePay ransomware group claimed responsibility and siphoned roughly 8.5 terabytes of data from Conduent’s systems.
- Multiple class action lawsuits now target Conduent for failing to protect sensitive personal and health information.

A massive data breach at Conduent, a contractor for the federal government, has exposed the private data of at least 25 million Americans. The exposed data included Social Security numbers and health insurance information, and the state of Texas was also a victim, with roughly half of its residents impacted by the breach.
Conduent provides a variety of backend support systems to many states around the country. Hackers breached its network in October 2024 and remained undetected for over three months before the company discovered the intrusion on January 13, 2025.
Breach Impact Grows as States Uncover True Scale
The impact of the ransomware attack keeps growing as states continue to uncover how many people the breach affected. Texas revised its estimate dramatically: the state initially reported 4 million potential victims, and that number jumped to 15.4 million, a staggering 285% increase.
Oregon estimated that hackers exposed the sensitive data of 10.5 million people in the breach. Delaware, Massachusetts, and New Hampshire also reported hundreds of thousands of additional victims.
Conduent operates critical systems for 46 states. The company handles everything from Medicaid claims and eligibility systems to child support payments, food assistance, and unemployment insurance.
Their systems support government healthcare programs serving about 120 million people. They process more than 500 million Medicaid claims each year. The company disburses tens of billions of dollars annually in public benefits.
SafePay Ransomware Group Claims Responsibility
The hackers, who go by the name SafePay Ransomware Group, claimed responsibility for the Conduent attack. They have stated that they stole approximately 8.5 TB of data from Conduent during an extended intrusion lasting several months.
Beginning in February 2025, Conduent was listed on SafePay's dark web site, which names the victims of SafePay attacks. SafePay threatened to disclose all of the data if Conduent did not pay a ransom.
This growing threat of data leaks and dark web criminal activity has prompted governments worldwide to take action. Most recently, India launched a task force to monitor the dark web and crypto drug trafficking, recognizing that sophisticated cybercrime requires coordinated international responses.
At this time, neither the company nor the ransomware group has publicly identified the amount of the ransom. Conduent has so far made no statement, one way or the other, about whether it would pay a ransom to the SafePay Ransomware Group.
The breach has triggered a wave of litigation. The federal court in New Jersey is now consolidating multiple class action lawsuits against Conduent. Plaintiffs claim that the company failed to safeguard personal and sensitive health information properly and waited months before notifying victims of the breach.
In December, the court appointed a committee of plaintiffs to manage the lawsuits. The lawsuits could create financial liability for Conduent and could lead to regulatory fines or penalties. They may also result in lost business from state government clients in the future.
Company Response and Market Impact
According to Conduent, the company moved very quickly to secure its networks once it learned of the breach. It restored all systems and operations, notified law enforcement, and conducted an internal investigation with outside forensic experts.
The company said, ‘Our internal team and forensic specialists routinely scan the dark web for signs of disclosed personal information, but we have found no evidence that any customer data has been made publicly available.’
Conduent trades publicly on the NASDAQ stock exchange. The company’s stock price has gone from a peak of $23.00 per share in 2018 to approximately $1.50 per share today, down almost 90% from its peak.
Furthermore, this data breach highlights a larger problem: the vulnerability of government contractors that manage significant amounts of sensitive personal information about individual citizens, as well as the compromised security of government infrastructure in general.
When these systems fail, the result isn’t just a headline; it’s a fresh supply of high-quality identity data for the global fraud market, as seen in the recent dump of millions of U.S. driver’s licenses on the dark web that criminals are now using to impersonate victims across borders.
Hackers infiltrating these systems and accessing sensitive data over time raise serious concerns about the cybersecurity protocols, processes, and standards used by businesses and organizations responsible for protecting critical services relied on by citizens.