The impact of a ransomware attack on one of the largest U.S. government contractors is expanding, with over 25 million individuals now reported to have had personal data stolen.
Conduent, a provider of services like printing, mailroom operations, and document and payment processing for state government benefits, deals with a significant amount of personal information. The company claims its technology and support services reach more than 100 million people.
Since the cyberattack in January 2025, credited to a ransomware group, Conduent has provided limited information regarding the breach, including its cause and the exact number of those affected.
The state of Wisconsin’s data breach notification page reveals that the Conduent breach impacts at least 25 million Americans. TechCrunch’s compilation of various data breach notices corroborates this figure, with Oregon and Texas comprising the majority of those affected, with 10.5 million and 15.4 million individuals respectively. Additional data breach notices involve a few hundred thousand people in Massachusetts, New Hampshire, and Washington.
Compromised data includes names, birthdates, addresses, Social Security numbers, health insurance details, and medical information.
Conduent has issued sparse communication beyond data breach notifications and has sometimes made it harder for affected individuals to find information about the breach.
A page titled “Incident Notice” on Conduent’s website, which appeared in October 2025 alongside its first data breach notification, does not specifically mention a cybersecurity incident. The inclusion of a hidden “noindex” tag in its source code directs search engines not to index the page, hindering web searches.
When contacted by TechCrunch, Conduent spokesperson Sean Collins declined to disclose the number of notifications distributed or clarify why the incident notice is concealed from search engines.
Though Conduent’s breach is significant, it is outdone by the Change Healthcare hack, which affected over 190 million people after a ransomware incident in February 2024. This involved a Russian-speaking ransomware group stealing extensive health and medical data via a stolen credential lacking multi-factor authentication, leading to Change Healthcare paying at least two ransoms to keep most of the data off the internet.