A massive data breach at business services giant Conduent has compromised the sensitive personal information of over 25 million Americans, making it one of the largest cybersecurity incidents in recent history.
The breach, which went undetected for nearly three months, involves the exfiltration of approximately 8 terabytes of data by the SafePay ransomware group.
While initial estimates in early 2025 suggested a smaller impact, new filings in February 2026 reveal the victim count has ballooned to at least 25.9 million individuals, primarily affecting recipients of government services in Texas and Oregon.
The Breach Timeline and Technical Details
According to CSN, the investigations confirm that unauthorised actors maintained access to Conduent’s network between October 21, 2024, and January 13, 2025.
During this window, the SafePay ransomware group systematically exfiltrated 8 terabytes of files before the intrusion was discovered.
The stolen data is highly sensitive, containing names, Social Security numbers, dates of birth, medical records, and health insurance information.
Conduent officially acknowledged the incident after securing its systems in January, but the full scope of the data theft was not immediately apparent, leading to a staggered notification process that has drawn scrutiny from regulators.
The breach has severely impacted state government agencies that rely on Conduent for processing Medicaid, SNAP, and child support services.
Texas has been hit hardest, with 15.4 million residents affected nearly half the state’s population. Oregon officials have also confirmed that 10.5 million records were compromised in the attack.
The breach extends beyond government clients, with corporate entities like the Volvo Group also reporting employee data exposure.
Victims are currently receiving notification letters urging them to place fraud alerts on their credit files, as the combination of stolen SSNs and medical data poses a long-term risk of identity theft.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
