The spillover from a ransomware assault on one of many largest authorities contractors in america retains getting larger: greater than 25 million individuals have now had private knowledge stolen within the hack.
Conduent supplies printing, mailroom providers, and doc and fee processing providers for state authorities profit operations, akin to meals help, in addition to office and unemployment advantages for giant firms. As such, the corporate handles a considerable amount of private info belonging to a big swath of america. Conduent says its expertise and operational assist providers attain greater than 100 million individuals.
However because the January 2025 cyberattack assault, which a ransomware group claimed credit score for, the company large has stated little in regards to the knowledge breach, akin to the way it was induced and the way many individuals are affected.
An replace to the state of Wisconsin’s data breach notification page now exhibits the Conduent breach impacts at the least 25 million individuals throughout america.
TechCrunch’s ongoing tally from varied knowledge breach notification letters that now we have seen additionally quantities to about 25 million individuals, with Oregon (10.5 million) and Texas (15.4 million) accounting for almost all of these affected. Different knowledge breach notices seen by TechCrunch embody one other few hundred thousand people throughout Massachusetts, New Hampshire and Washington.
The breach is understood to have compromised people’ names, dates of delivery, addresses, Social Safety numbers, medical health insurance info, and medical knowledge.
Conduent has stated little exterior of its knowledge breach notifications, and in some instances has made it tougher for affected people to study in regards to the breach.
Techcrunch occasion
Boston, MA
|
June 9, 2026
A web page on Conduent’s web site, titled “Incident Notice” that was printed in October 2025 concurrently its first knowledge breach notification, doesn’t explicitly point out a cybersecurity incident. The web page incorporates a hidden “noindex” tag in its supply code, which tells search engines like google and yahoo to not record the web page in search outcomes, making it troublesome for anybody looking the online to search out it.
When reached by TechCrunch, Conduent spokesperson Sean Collins wouldn’t say what number of notifications the corporate has despatched to this point, or why the corporate is hiding its incident discover from search engines like google and yahoo.
Conduent’s breach has been billed as one of many “largest ever,” however possible trails behind the Change Healthcare hack, which affected greater than 190 million individuals following a ransomware assault in February 2024. A Russian-speaking ransomware gang stole reams of well being and medical knowledge from Change Healthcare utilizing a stolen credential that wasn’t protected with multi-factor authentication, prompting the healthcare tech large to pay at the least two ransoms to maintain many of the stolen knowledge off the web.

