Even if you’ve never heard of Conduent, you could be one of the many people caught up in its recent data breach. Conduent provides technology services to several US state governments, including Medicaid, child support, and food programs, with the company stating that it “supports approximately 100 million US residents across various government health programs, helping state and federal agencies.”
In a breach notification, Conduent says:
“On January 13, 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network.”
An investigation found that an unauthorized third party had access to its systems from October 21, 2024, until the intrusion was stopped on discovery.
Breach notification letters will be sent to affected individuals, detailing what personal information was exposed. According to The Record, Conduent said more than 400,000 people in Texas were impacted, with data including Social Security numbers, medical information and health insurance details. Another 76,000 people in Washington, 48,000 in South Carolina, 10,000 in New Hampshire and 378 in Maine were also affected. Conduent has filed additional breach notices in Oregon, Massachusetts, California, and New Hampshire.
The stolen data sets may include:
- Names
- Social Security numbers
- Dates of birth
- Medical information
- Health insurance details
If all of those apply, it’s certainly enough for criminals to commit identity theft.
Ransomware group SafePay reportedly claimed responsibility for the attack and listed Conduent on its leak site.
SafePay, which emerged in late 2024, threatened to publish or sell stolen data if its demands weren’t met, claiming to have exfiltrated a staggering 8.5 terabytes of files from Conduent’s systems. Though relatively new on the scene, SafePay has quickly built a reputation for large-scale extortion targeting high-profile clients globally.
Breaches like this reinforce the need for robust cybersecurity and incident response in the public sector. For the potentially millions of people affected, stay alert to fraud and identity theft.
Protecting yourself after a data breach
If you think you’ve been the victim of this or any other data breach, here are steps you can take to protect yourself:
- Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice it offers.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop, or phone as your second factor. Some forms of 2FA can be phished just as easily as a password, but 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the company’s website to see if it’s contacting victims and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It’s definitely more convenient to let sites remember your card details, but we highly recommend not storing that information on websites.
- Set up identity monitoring, which alerts you if your personal information is found being traded illegally online and helps you recover after.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
