More than 10 million impacted by breach of government contractor Conduent

Steven

More than 10 million impacted by breach of government contractor Conduent

Summary

Conduent, a major US government contractor that manages payments and IT for state programmes, has notified multiple states that a cybersecurity incident which began in January exposed the information of more than 10 million people. An investigation found attackers had access to Conduent’s network from 21 October to 13 January and exfiltrated a large set of files tied to the company’s work for state clients.

State breach notices list hundreds of thousands affected in Texas and tens of thousands in Washington, South Carolina, New Hampshire and other states. Conduent said systems were restored and law enforcement involved; the SafePay ransomware gang later claimed responsibility, saying 8.5 TB of data was stolen. Conduent reports it has not seen the data publicly released and has spent about $2m on the response so far.

Key Points

  • Attack window: hackers had network access from 21 October 2024 to 13 January 2025, enabling large-scale data theft.
  • Scale: breach notifications indicate over 10 million people impacted overall, with state-level exposures ranging from hundreds to hundreds of thousands of individuals.
  • Types of data: exposed information includes Social Security numbers, medical and health insurance details and other personal data tied to state programmes.
  • Services affected: Conduent provides technology for Medicaid, child support, food assistance, tolling and other state services, disbursing large volumes of payments annually.
  • Operational impact: states reported payment outages and delays in January; Conduent performed a disciplined recovery and engaged third-party security experts.
  • Attribution and claims: the SafePay ransomware gang claimed the theft in February (8.5 TB); Conduent says exfiltrated files contain client end-user personal data but have not been publicly released.
  • Financial & legal response: Conduent spent roughly $2m on investigation and remediation; federal law enforcement and cyber insurance are involved.

Why should I read this?

Heads-up: if you or someone you know gets state benefits or healthcare through a state programme, this is worth a minute of your time. Payments were disrupted and personal data may be exposed — so check any notices, watch for fraud, and follow guidance from your state agency. We read the long notices so you don’t have to.

Context and relevance

This incident highlights the systemic risk posed by large third-party contractors that centralise critical state services and sensitive citizen data. Ransomware groups increasingly claim vast exfiltrations rather than just encrypting systems, raising the stakes for identity theft and regulatory fallout. For organisations and individuals alike, it emphasises the need for stronger vendor security oversight, timely breach notification, and active monitoring of personal data.

Source

Source: https://therecord.media/millions-impacted-breach-conduent